Home | History | Annotate | Download | only in ssl
      1 /*! \file ssl/ssl_lib.c
      2  *  \brief Version independent SSL functions.
      3  */
      4 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      5  * All rights reserved.
      6  *
      7  * This package is an SSL implementation written
      8  * by Eric Young (eay (at) cryptsoft.com).
      9  * The implementation was written so as to conform with Netscapes SSL.
     10  *
     11  * This library is free for commercial and non-commercial use as long as
     12  * the following conditions are aheared to.  The following conditions
     13  * apply to all code found in this distribution, be it the RC4, RSA,
     14  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     15  * included with this distribution is covered by the same copyright terms
     16  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     17  *
     18  * Copyright remains Eric Young's, and as such any Copyright notices in
     19  * the code are not to be removed.
     20  * If this package is used in a product, Eric Young should be given attribution
     21  * as the author of the parts of the library used.
     22  * This can be in the form of a textual message at program startup or
     23  * in documentation (online or textual) provided with the package.
     24  *
     25  * Redistribution and use in source and binary forms, with or without
     26  * modification, are permitted provided that the following conditions
     27  * are met:
     28  * 1. Redistributions of source code must retain the copyright
     29  *    notice, this list of conditions and the following disclaimer.
     30  * 2. Redistributions in binary form must reproduce the above copyright
     31  *    notice, this list of conditions and the following disclaimer in the
     32  *    documentation and/or other materials provided with the distribution.
     33  * 3. All advertising materials mentioning features or use of this software
     34  *    must display the following acknowledgement:
     35  *    "This product includes cryptographic software written by
     36  *     Eric Young (eay (at) cryptsoft.com)"
     37  *    The word 'cryptographic' can be left out if the rouines from the library
     38  *    being used are not cryptographic related :-).
     39  * 4. If you include any Windows specific code (or a derivative thereof) from
     40  *    the apps directory (application code) you must include an acknowledgement:
     41  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     42  *
     43  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     44  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     45  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     46  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     47  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     48  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     49  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     50  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     51  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     52  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     53  * SUCH DAMAGE.
     54  *
     55  * The licence and distribution terms for any publically available version or
     56  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     57  * copied and put under another distribution licence
     58  * [including the GNU Public Licence.]
     59  */
     60 /* ====================================================================
     61  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
     62  *
     63  * Redistribution and use in source and binary forms, with or without
     64  * modification, are permitted provided that the following conditions
     65  * are met:
     66  *
     67  * 1. Redistributions of source code must retain the above copyright
     68  *    notice, this list of conditions and the following disclaimer.
     69  *
     70  * 2. Redistributions in binary form must reproduce the above copyright
     71  *    notice, this list of conditions and the following disclaimer in
     72  *    the documentation and/or other materials provided with the
     73  *    distribution.
     74  *
     75  * 3. All advertising materials mentioning features or use of this
     76  *    software must display the following acknowledgment:
     77  *    "This product includes software developed by the OpenSSL Project
     78  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
     79  *
     80  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     81  *    endorse or promote products derived from this software without
     82  *    prior written permission. For written permission, please contact
     83  *    openssl-core (at) openssl.org.
     84  *
     85  * 5. Products derived from this software may not be called "OpenSSL"
     86  *    nor may "OpenSSL" appear in their names without prior written
     87  *    permission of the OpenSSL Project.
     88  *
     89  * 6. Redistributions of any form whatsoever must retain the following
     90  *    acknowledgment:
     91  *    "This product includes software developed by the OpenSSL Project
     92  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
     93  *
     94  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     95  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     96  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     97  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     98  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     99  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
    100  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
    101  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    102  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    103  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    104  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    105  * OF THE POSSIBILITY OF SUCH DAMAGE.
    106  * ====================================================================
    107  *
    108  * This product includes cryptographic software written by Eric Young
    109  * (eay (at) cryptsoft.com).  This product includes software written by Tim
    110  * Hudson (tjh (at) cryptsoft.com).
    111  *
    112  */
    113 /* ====================================================================
    114  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
    115  * ECC cipher suite support in OpenSSL originally developed by
    116  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
    117  */
    118 /* ====================================================================
    119  * Copyright 2005 Nokia. All rights reserved.
    120  *
    121  * The portions of the attached software ("Contribution") is developed by
    122  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
    123  * license.
    124  *
    125  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
    126  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
    127  * support (see RFC 4279) to OpenSSL.
    128  *
    129  * No patent licenses or other rights except those expressly stated in
    130  * the OpenSSL open source license shall be deemed granted or received
    131  * expressly, by implication, estoppel, or otherwise.
    132  *
    133  * No assurances are provided by Nokia that the Contribution does not
    134  * infringe the patent or other intellectual property rights of any third
    135  * party or that the license provides you with all the necessary rights
    136  * to make use of the Contribution.
    137  *
    138  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
    139  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
    140  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
    141  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
    142  * OTHERWISE.
    143  */
    144 
    145 #ifdef REF_CHECK
    146 #  include <assert.h>
    147 #endif
    148 #include <stdio.h>
    149 #include "ssl_locl.h"
    150 #include "kssl_lcl.h"
    151 #include <openssl/objects.h>
    152 #include <openssl/lhash.h>
    153 #include <openssl/x509v3.h>
    154 #include <openssl/rand.h>
    155 #include <openssl/ocsp.h>
    156 #ifndef OPENSSL_NO_DH
    157 #include <openssl/dh.h>
    158 #endif
    159 #ifndef OPENSSL_NO_ENGINE
    160 #include <openssl/engine.h>
    161 #endif
    162 
    163 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
    164 
    165 SSL3_ENC_METHOD ssl3_undef_enc_method={
    166 	/* evil casts, but these functions are only called if there's a library bug */
    167 	(int (*)(SSL *,int))ssl_undefined_function,
    168 	(int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
    169 	ssl_undefined_function,
    170 	(int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
    171 	(int (*)(SSL*, int))ssl_undefined_function,
    172 	(int (*)(SSL *,  const char*, int, unsigned char *))ssl_undefined_function,
    173 	0,	/* finish_mac_length */
    174 	(int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
    175 	NULL,	/* client_finished_label */
    176 	0,	/* client_finished_label_len */
    177 	NULL,	/* server_finished_label */
    178 	0,	/* server_finished_label_len */
    179 	(int (*)(int))ssl_undefined_function,
    180 	(int (*)(SSL *, unsigned char *, size_t, const char *,
    181 		 size_t, const unsigned char *, size_t,
    182 		 int use_context)) ssl_undefined_function,
    183 	};
    184 
    185 int SSL_clear(SSL *s)
    186 	{
    187 
    188 	if (s->method == NULL)
    189 		{
    190 		SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
    191 		return(0);
    192 		}
    193 
    194 	if (ssl_clear_bad_session(s))
    195 		{
    196 		SSL_SESSION_free(s->session);
    197 		s->session=NULL;
    198 		}
    199 
    200 	s->error=0;
    201 	s->hit=0;
    202 	s->shutdown=0;
    203 
    204 #if 0 /* Disabled since version 1.10 of this file (early return not
    205        * needed because SSL_clear is not called when doing renegotiation) */
    206 	/* This is set if we are doing dynamic renegotiation so keep
    207 	 * the old cipher.  It is sort of a SSL_clear_lite :-) */
    208 	if (s->renegotiate) return(1);
    209 #else
    210 	if (s->renegotiate)
    211 		{
    212 		SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
    213 		return 0;
    214 		}
    215 #endif
    216 
    217 	s->type=0;
    218 
    219 	s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
    220 
    221 	s->version=s->method->version;
    222 	s->client_version=s->version;
    223 	s->rwstate=SSL_NOTHING;
    224 	s->rstate=SSL_ST_READ_HEADER;
    225 #if 0
    226 	s->read_ahead=s->ctx->read_ahead;
    227 #endif
    228 
    229 	if (s->init_buf != NULL)
    230 		{
    231 		BUF_MEM_free(s->init_buf);
    232 		s->init_buf=NULL;
    233 		}
    234 
    235 	ssl_clear_cipher_ctx(s);
    236 	ssl_clear_hash_ctx(&s->read_hash);
    237 	ssl_clear_hash_ctx(&s->write_hash);
    238 
    239 	s->first_packet=0;
    240 
    241 #if 1
    242 	/* Check to see if we were changed into a different method, if
    243 	 * so, revert back if we are not doing session-id reuse. */
    244 	if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
    245 		{
    246 		s->method->ssl_free(s);
    247 		s->method=s->ctx->method;
    248 		if (!s->method->ssl_new(s))
    249 			return(0);
    250 		}
    251 	else
    252 #endif
    253 		s->method->ssl_clear(s);
    254 	return(1);
    255 	}
    256 
    257 /** Used to change an SSL_CTXs default SSL method type */
    258 int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
    259 	{
    260 	STACK_OF(SSL_CIPHER) *sk;
    261 
    262 	ctx->method=meth;
    263 
    264 	sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
    265 		&(ctx->cipher_list_by_id),
    266 		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
    267 	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
    268 		{
    269 		SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
    270 		return(0);
    271 		}
    272 	return(1);
    273 	}
    274 
    275 SSL *SSL_new(SSL_CTX *ctx)
    276 	{
    277 	SSL *s;
    278 
    279 	if (ctx == NULL)
    280 		{
    281 		SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
    282 		return(NULL);
    283 		}
    284 	if (ctx->method == NULL)
    285 		{
    286 		SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
    287 		return(NULL);
    288 		}
    289 
    290 	s=(SSL *)OPENSSL_malloc(sizeof(SSL));
    291 	if (s == NULL) goto err;
    292 	memset(s,0,sizeof(SSL));
    293 
    294 #ifndef	OPENSSL_NO_KRB5
    295 	s->kssl_ctx = kssl_ctx_new();
    296 #endif	/* OPENSSL_NO_KRB5 */
    297 
    298 	s->options=ctx->options;
    299 	s->mode=ctx->mode;
    300 	s->max_cert_list=ctx->max_cert_list;
    301 
    302 	if (ctx->cert != NULL)
    303 		{
    304 		/* Earlier library versions used to copy the pointer to
    305 		 * the CERT, not its contents; only when setting new
    306 		 * parameters for the per-SSL copy, ssl_cert_new would be
    307 		 * called (and the direct reference to the per-SSL_CTX
    308 		 * settings would be lost, but those still were indirectly
    309 		 * accessed for various purposes, and for that reason they
    310 		 * used to be known as s->ctx->default_cert).
    311 		 * Now we don't look at the SSL_CTX's CERT after having
    312 		 * duplicated it once. */
    313 
    314 		s->cert = ssl_cert_dup(ctx->cert);
    315 		if (s->cert == NULL)
    316 			goto err;
    317 		}
    318 	else
    319 		s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
    320 
    321 	s->read_ahead=ctx->read_ahead;
    322 	s->msg_callback=ctx->msg_callback;
    323 	s->msg_callback_arg=ctx->msg_callback_arg;
    324 	s->verify_mode=ctx->verify_mode;
    325 #if 0
    326 	s->verify_depth=ctx->verify_depth;
    327 #endif
    328 	s->sid_ctx_length=ctx->sid_ctx_length;
    329 	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
    330 	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
    331 	s->verify_callback=ctx->default_verify_callback;
    332 	s->session_creation_enabled=1;
    333 	s->generate_session_id=ctx->generate_session_id;
    334 
    335 	s->param = X509_VERIFY_PARAM_new();
    336 	if (!s->param)
    337 		goto err;
    338 	X509_VERIFY_PARAM_inherit(s->param, ctx->param);
    339 #if 0
    340 	s->purpose = ctx->purpose;
    341 	s->trust = ctx->trust;
    342 #endif
    343 	s->quiet_shutdown=ctx->quiet_shutdown;
    344 	s->max_send_fragment = ctx->max_send_fragment;
    345 
    346 	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
    347 	s->ctx=ctx;
    348 #ifndef OPENSSL_NO_TLSEXT
    349 	s->tlsext_debug_cb = 0;
    350 	s->tlsext_debug_arg = NULL;
    351 	s->tlsext_ticket_expected = 0;
    352 	s->tlsext_status_type = -1;
    353 	s->tlsext_status_expected = 0;
    354 	s->tlsext_ocsp_ids = NULL;
    355 	s->tlsext_ocsp_exts = NULL;
    356 	s->tlsext_ocsp_resp = NULL;
    357 	s->tlsext_ocsp_resplen = -1;
    358 	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
    359 	s->initial_ctx=ctx;
    360 # ifndef OPENSSL_NO_NEXTPROTONEG
    361 	s->next_proto_negotiated = NULL;
    362 # endif
    363 #endif
    364 
    365 	s->verify_result=X509_V_OK;
    366 
    367 	s->method=ctx->method;
    368 
    369 	if (!s->method->ssl_new(s))
    370 		goto err;
    371 
    372 	s->references=1;
    373 	s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
    374 
    375 	SSL_clear(s);
    376 
    377 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
    378 
    379 #ifndef OPENSSL_NO_PSK
    380 	s->psk_client_callback=ctx->psk_client_callback;
    381 	s->psk_server_callback=ctx->psk_server_callback;
    382 #endif
    383 
    384 	return(s);
    385 err:
    386 	if (s != NULL)
    387 		{
    388 		if (s->cert != NULL)
    389 			ssl_cert_free(s->cert);
    390 		if (s->ctx != NULL)
    391 			SSL_CTX_free(s->ctx); /* decrement reference count */
    392 		OPENSSL_free(s);
    393 		}
    394 	SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
    395 	return(NULL);
    396 	}
    397 
    398 int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
    399 				   unsigned int sid_ctx_len)
    400     {
    401     if(sid_ctx_len > sizeof ctx->sid_ctx)
    402 	{
    403 	SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
    404 	return 0;
    405 	}
    406     ctx->sid_ctx_length=sid_ctx_len;
    407     memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
    408 
    409     return 1;
    410     }
    411 
    412 int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
    413 			       unsigned int sid_ctx_len)
    414     {
    415     if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
    416 	{
    417 	SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
    418 	return 0;
    419 	}
    420     ssl->sid_ctx_length=sid_ctx_len;
    421     memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
    422 
    423     return 1;
    424     }
    425 
    426 int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
    427 	{
    428 	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
    429 	ctx->generate_session_id = cb;
    430 	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
    431 	return 1;
    432 	}
    433 
    434 int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
    435 	{
    436 	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
    437 	ssl->generate_session_id = cb;
    438 	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
    439 	return 1;
    440 	}
    441 
    442 int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
    443 				unsigned int id_len)
    444 	{
    445 	/* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
    446 	 * we can "construct" a session to give us the desired check - ie. to
    447 	 * find if there's a session in the hash table that would conflict with
    448 	 * any new session built out of this id/id_len and the ssl_version in
    449 	 * use by this SSL. */
    450 	SSL_SESSION r, *p;
    451 
    452 	if(id_len > sizeof r.session_id)
    453 		return 0;
    454 
    455 	r.ssl_version = ssl->version;
    456 	r.session_id_length = id_len;
    457 	memcpy(r.session_id, id, id_len);
    458 	/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
    459 	 * callback is calling us to check the uniqueness of a shorter ID, it
    460 	 * must be compared as a padded-out ID because that is what it will be
    461 	 * converted to when the callback has finished choosing it. */
    462 	if((r.ssl_version == SSL2_VERSION) &&
    463 			(id_len < SSL2_SSL_SESSION_ID_LENGTH))
    464 		{
    465 		memset(r.session_id + id_len, 0,
    466 			SSL2_SSL_SESSION_ID_LENGTH - id_len);
    467 		r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
    468 		}
    469 
    470 	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
    471 	p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
    472 	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
    473 	return (p != NULL);
    474 	}
    475 
    476 int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
    477 	{
    478 	return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
    479 	}
    480 
    481 int SSL_set_purpose(SSL *s, int purpose)
    482 	{
    483 	return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
    484 	}
    485 
    486 int SSL_CTX_set_trust(SSL_CTX *s, int trust)
    487 	{
    488 	return X509_VERIFY_PARAM_set_trust(s->param, trust);
    489 	}
    490 
    491 int SSL_set_trust(SSL *s, int trust)
    492 	{
    493 	return X509_VERIFY_PARAM_set_trust(s->param, trust);
    494 	}
    495 
    496 int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
    497 	{
    498 	return X509_VERIFY_PARAM_set1(ctx->param, vpm);
    499 	}
    500 
    501 int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
    502 	{
    503 	return X509_VERIFY_PARAM_set1(ssl->param, vpm);
    504 	}
    505 
    506 void SSL_free(SSL *s)
    507 	{
    508 	int i;
    509 
    510 	if(s == NULL)
    511 	    return;
    512 
    513 	i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
    514 #ifdef REF_PRINT
    515 	REF_PRINT("SSL",s);
    516 #endif
    517 	if (i > 0) return;
    518 #ifdef REF_CHECK
    519 	if (i < 0)
    520 		{
    521 		fprintf(stderr,"SSL_free, bad reference count\n");
    522 		abort(); /* ok */
    523 		}
    524 #endif
    525 
    526 	if (s->param)
    527 		X509_VERIFY_PARAM_free(s->param);
    528 
    529 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
    530 
    531 	if (s->bbio != NULL)
    532 		{
    533 		/* If the buffering BIO is in place, pop it off */
    534 		if (s->bbio == s->wbio)
    535 			{
    536 			s->wbio=BIO_pop(s->wbio);
    537 			}
    538 		BIO_free(s->bbio);
    539 		s->bbio=NULL;
    540 		}
    541 	if (s->rbio != NULL)
    542 		BIO_free_all(s->rbio);
    543 	if ((s->wbio != NULL) && (s->wbio != s->rbio))
    544 		BIO_free_all(s->wbio);
    545 
    546 	if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
    547 
    548 	/* add extra stuff */
    549 	if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
    550 	if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
    551 
    552 	/* Make the next call work :-) */
    553 	if (s->session != NULL)
    554 		{
    555 		ssl_clear_bad_session(s);
    556 		SSL_SESSION_free(s->session);
    557 		}
    558 
    559 	ssl_clear_cipher_ctx(s);
    560 	ssl_clear_hash_ctx(&s->read_hash);
    561 	ssl_clear_hash_ctx(&s->write_hash);
    562 
    563 	if (s->cert != NULL) ssl_cert_free(s->cert);
    564 	/* Free up if allocated */
    565 
    566 #ifndef OPENSSL_NO_TLSEXT
    567 	if (s->tlsext_hostname)
    568 		OPENSSL_free(s->tlsext_hostname);
    569 	if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
    570 #ifndef OPENSSL_NO_EC
    571 	if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
    572 	if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
    573 #endif /* OPENSSL_NO_EC */
    574 	if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input);
    575 	if (s->tlsext_ocsp_exts)
    576 		sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
    577 						X509_EXTENSION_free);
    578 	if (s->tlsext_ocsp_ids)
    579 		sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
    580 	if (s->tlsext_ocsp_resp)
    581 		OPENSSL_free(s->tlsext_ocsp_resp);
    582 	if (s->tlsext_channel_id_private)
    583 		EVP_PKEY_free(s->tlsext_channel_id_private);
    584 #endif
    585 
    586 	if (s->client_CA != NULL)
    587 		sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
    588 
    589 	if (s->method != NULL) s->method->ssl_free(s);
    590 
    591 	if (s->ctx) SSL_CTX_free(s->ctx);
    592 
    593 #ifndef	OPENSSL_NO_KRB5
    594 	if (s->kssl_ctx != NULL)
    595 		kssl_ctx_free(s->kssl_ctx);
    596 #endif	/* OPENSSL_NO_KRB5 */
    597 
    598 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
    599 	if (s->next_proto_negotiated)
    600 		OPENSSL_free(s->next_proto_negotiated);
    601 #endif
    602 
    603 #ifndef OPENSSL_NO_SRTP
    604         if (s->srtp_profiles)
    605             sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
    606 #endif
    607 
    608 	OPENSSL_free(s);
    609 	}
    610 
    611 void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
    612 	{
    613 	/* If the output buffering BIO is still in place, remove it
    614 	 */
    615 	if (s->bbio != NULL)
    616 		{
    617 		if (s->wbio == s->bbio)
    618 			{
    619 			s->wbio=s->wbio->next_bio;
    620 			s->bbio->next_bio=NULL;
    621 			}
    622 		}
    623 	if ((s->rbio != NULL) && (s->rbio != rbio))
    624 		BIO_free_all(s->rbio);
    625 	if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
    626 		BIO_free_all(s->wbio);
    627 	s->rbio=rbio;
    628 	s->wbio=wbio;
    629 	}
    630 
    631 BIO *SSL_get_rbio(const SSL *s)
    632 	{ return(s->rbio); }
    633 
    634 BIO *SSL_get_wbio(const SSL *s)
    635 	{ return(s->wbio); }
    636 
    637 int SSL_get_fd(const SSL *s)
    638 	{
    639 	return(SSL_get_rfd(s));
    640 	}
    641 
    642 int SSL_get_rfd(const SSL *s)
    643 	{
    644 	int ret= -1;
    645 	BIO *b,*r;
    646 
    647 	b=SSL_get_rbio(s);
    648 	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
    649 	if (r != NULL)
    650 		BIO_get_fd(r,&ret);
    651 	return(ret);
    652 	}
    653 
    654 int SSL_get_wfd(const SSL *s)
    655 	{
    656 	int ret= -1;
    657 	BIO *b,*r;
    658 
    659 	b=SSL_get_wbio(s);
    660 	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
    661 	if (r != NULL)
    662 		BIO_get_fd(r,&ret);
    663 	return(ret);
    664 	}
    665 
    666 #ifndef OPENSSL_NO_SOCK
    667 int SSL_set_fd(SSL *s,int fd)
    668 	{
    669 	int ret=0;
    670 	BIO *bio=NULL;
    671 
    672 	bio=BIO_new(BIO_s_socket());
    673 
    674 	if (bio == NULL)
    675 		{
    676 		SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
    677 		goto err;
    678 		}
    679 	BIO_set_fd(bio,fd,BIO_NOCLOSE);
    680 	SSL_set_bio(s,bio,bio);
    681 	ret=1;
    682 err:
    683 	return(ret);
    684 	}
    685 
    686 int SSL_set_wfd(SSL *s,int fd)
    687 	{
    688 	int ret=0;
    689 	BIO *bio=NULL;
    690 
    691 	if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
    692 		|| ((int)BIO_get_fd(s->rbio,NULL) != fd))
    693 		{
    694 		bio=BIO_new(BIO_s_socket());
    695 
    696 		if (bio == NULL)
    697 			{ SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
    698 		BIO_set_fd(bio,fd,BIO_NOCLOSE);
    699 		SSL_set_bio(s,SSL_get_rbio(s),bio);
    700 		}
    701 	else
    702 		SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
    703 	ret=1;
    704 err:
    705 	return(ret);
    706 	}
    707 
    708 int SSL_set_rfd(SSL *s,int fd)
    709 	{
    710 	int ret=0;
    711 	BIO *bio=NULL;
    712 
    713 	if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
    714 		|| ((int)BIO_get_fd(s->wbio,NULL) != fd))
    715 		{
    716 		bio=BIO_new(BIO_s_socket());
    717 
    718 		if (bio == NULL)
    719 			{
    720 			SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
    721 			goto err;
    722 			}
    723 		BIO_set_fd(bio,fd,BIO_NOCLOSE);
    724 		SSL_set_bio(s,bio,SSL_get_wbio(s));
    725 		}
    726 	else
    727 		SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
    728 	ret=1;
    729 err:
    730 	return(ret);
    731 	}
    732 #endif
    733 
    734 
    735 /* return length of latest Finished message we sent, copy to 'buf' */
    736 size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
    737 	{
    738 	size_t ret = 0;
    739 
    740 	if (s->s3 != NULL)
    741 		{
    742 		ret = s->s3->tmp.finish_md_len;
    743 		if (count > ret)
    744 			count = ret;
    745 		memcpy(buf, s->s3->tmp.finish_md, count);
    746 		}
    747 	return ret;
    748 	}
    749 
    750 /* return length of latest Finished message we expected, copy to 'buf' */
    751 size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
    752 	{
    753 	size_t ret = 0;
    754 
    755 	if (s->s3 != NULL)
    756 		{
    757 		ret = s->s3->tmp.peer_finish_md_len;
    758 		if (count > ret)
    759 			count = ret;
    760 		memcpy(buf, s->s3->tmp.peer_finish_md, count);
    761 		}
    762 	return ret;
    763 	}
    764 
    765 
    766 int SSL_get_verify_mode(const SSL *s)
    767 	{
    768 	return(s->verify_mode);
    769 	}
    770 
    771 int SSL_get_verify_depth(const SSL *s)
    772 	{
    773 	return X509_VERIFY_PARAM_get_depth(s->param);
    774 	}
    775 
    776 int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
    777 	{
    778 	return(s->verify_callback);
    779 	}
    780 
    781 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
    782 	{
    783 	return(ctx->verify_mode);
    784 	}
    785 
    786 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
    787 	{
    788 	return X509_VERIFY_PARAM_get_depth(ctx->param);
    789 	}
    790 
    791 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
    792 	{
    793 	return(ctx->default_verify_callback);
    794 	}
    795 
    796 void SSL_set_verify(SSL *s,int mode,
    797 		    int (*callback)(int ok,X509_STORE_CTX *ctx))
    798 	{
    799 	s->verify_mode=mode;
    800 	if (callback != NULL)
    801 		s->verify_callback=callback;
    802 	}
    803 
    804 void SSL_set_verify_depth(SSL *s,int depth)
    805 	{
    806 	X509_VERIFY_PARAM_set_depth(s->param, depth);
    807 	}
    808 
    809 void SSL_set_read_ahead(SSL *s,int yes)
    810 	{
    811 	s->read_ahead=yes;
    812 	}
    813 
    814 int SSL_get_read_ahead(const SSL *s)
    815 	{
    816 	return(s->read_ahead);
    817 	}
    818 
    819 int SSL_pending(const SSL *s)
    820 	{
    821 	/* SSL_pending cannot work properly if read-ahead is enabled
    822 	 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
    823 	 * and it is impossible to fix since SSL_pending cannot report
    824 	 * errors that may be observed while scanning the new data.
    825 	 * (Note that SSL_pending() is often used as a boolean value,
    826 	 * so we'd better not return -1.)
    827 	 */
    828 	return(s->method->ssl_pending(s));
    829 	}
    830 
    831 X509 *SSL_get_peer_certificate(const SSL *s)
    832 	{
    833 	X509 *r;
    834 
    835 	if ((s == NULL) || (s->session == NULL))
    836 		r=NULL;
    837 	else
    838 		r=s->session->peer;
    839 
    840 	if (r == NULL) return(r);
    841 
    842 	CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
    843 
    844 	return(r);
    845 	}
    846 
    847 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
    848 	{
    849 	STACK_OF(X509) *r;
    850 
    851 	if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
    852 		r=NULL;
    853 	else
    854 		r=s->session->sess_cert->cert_chain;
    855 
    856 	/* If we are a client, cert_chain includes the peer's own
    857 	 * certificate; if we are a server, it does not. */
    858 
    859 	return(r);
    860 	}
    861 
    862 /* Now in theory, since the calling process own 't' it should be safe to
    863  * modify.  We need to be able to read f without being hassled */
    864 void SSL_copy_session_id(SSL *t,const SSL *f)
    865 	{
    866 	CERT *tmp;
    867 
    868 	/* Do we need to to SSL locking? */
    869 	SSL_set_session(t,SSL_get_session(f));
    870 
    871 	/* what if we are setup as SSLv2 but want to talk SSLv3 or
    872 	 * vice-versa */
    873 	if (t->method != f->method)
    874 		{
    875 		t->method->ssl_free(t);	/* cleanup current */
    876 		t->method=f->method;	/* change method */
    877 		t->method->ssl_new(t);	/* setup new */
    878 		}
    879 
    880 	tmp=t->cert;
    881 	if (f->cert != NULL)
    882 		{
    883 		CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
    884 		t->cert=f->cert;
    885 		}
    886 	else
    887 		t->cert=NULL;
    888 	if (tmp != NULL) ssl_cert_free(tmp);
    889 	SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
    890 	}
    891 
    892 /* Fix this so it checks all the valid key/cert options */
    893 int SSL_CTX_check_private_key(const SSL_CTX *ctx)
    894 	{
    895 	if (	(ctx == NULL) ||
    896 		(ctx->cert == NULL) ||
    897 		(ctx->cert->key->x509 == NULL))
    898 		{
    899 		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
    900 		return(0);
    901 		}
    902 	if 	(ctx->cert->key->privatekey == NULL)
    903 		{
    904 		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
    905 		return(0);
    906 		}
    907 	return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
    908 	}
    909 
    910 /* Fix this function so that it takes an optional type parameter */
    911 int SSL_check_private_key(const SSL *ssl)
    912 	{
    913 	if (ssl == NULL)
    914 		{
    915 		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
    916 		return(0);
    917 		}
    918 	if (ssl->cert == NULL)
    919 		{
    920 		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
    921 		return 0;
    922 		}
    923 	if (ssl->cert->key->x509 == NULL)
    924 		{
    925 		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
    926 		return(0);
    927 		}
    928 	if (ssl->cert->key->privatekey == NULL)
    929 		{
    930 		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
    931 		return(0);
    932 		}
    933 	return(X509_check_private_key(ssl->cert->key->x509,
    934 		ssl->cert->key->privatekey));
    935 	}
    936 
    937 int SSL_accept(SSL *s)
    938 	{
    939 	if (s->handshake_func == 0)
    940 		/* Not properly initialized yet */
    941 		SSL_set_accept_state(s);
    942 
    943 	return(s->method->ssl_accept(s));
    944 	}
    945 
    946 int SSL_connect(SSL *s)
    947 	{
    948 	if (s->handshake_func == 0)
    949 		/* Not properly initialized yet */
    950 		SSL_set_connect_state(s);
    951 
    952 	return(s->method->ssl_connect(s));
    953 	}
    954 
    955 long SSL_get_default_timeout(const SSL *s)
    956 	{
    957 	return(s->method->get_timeout());
    958 	}
    959 
    960 int SSL_read(SSL *s,void *buf,int num)
    961 	{
    962 	if (s->handshake_func == 0)
    963 		{
    964 		SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
    965 		return -1;
    966 		}
    967 
    968 	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
    969 		{
    970 		s->rwstate=SSL_NOTHING;
    971 		return(0);
    972 		}
    973 	return(s->method->ssl_read(s,buf,num));
    974 	}
    975 
    976 int SSL_peek(SSL *s,void *buf,int num)
    977 	{
    978 	if (s->handshake_func == 0)
    979 		{
    980 		SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
    981 		return -1;
    982 		}
    983 
    984 	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
    985 		{
    986 		return(0);
    987 		}
    988 	return(s->method->ssl_peek(s,buf,num));
    989 	}
    990 
    991 int SSL_write(SSL *s,const void *buf,int num)
    992 	{
    993 	if (s->handshake_func == 0)
    994 		{
    995 		SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
    996 		return -1;
    997 		}
    998 
    999 	if (s->shutdown & SSL_SENT_SHUTDOWN)
   1000 		{
   1001 		s->rwstate=SSL_NOTHING;
   1002 		SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
   1003 		return(-1);
   1004 		}
   1005 	return(s->method->ssl_write(s,buf,num));
   1006 	}
   1007 
   1008 int SSL_shutdown(SSL *s)
   1009 	{
   1010 	/* Note that this function behaves differently from what one might
   1011 	 * expect.  Return values are 0 for no success (yet),
   1012 	 * 1 for success; but calling it once is usually not enough,
   1013 	 * even if blocking I/O is used (see ssl3_shutdown).
   1014 	 */
   1015 
   1016 	if (s->handshake_func == 0)
   1017 		{
   1018 		SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
   1019 		return -1;
   1020 		}
   1021 
   1022 	if ((s != NULL) && !SSL_in_init(s))
   1023 		return(s->method->ssl_shutdown(s));
   1024 	else
   1025 		return(1);
   1026 	}
   1027 
   1028 int SSL_renegotiate(SSL *s)
   1029 	{
   1030 	if (s->renegotiate == 0)
   1031 		s->renegotiate=1;
   1032 
   1033 	s->new_session=1;
   1034 
   1035 	return(s->method->ssl_renegotiate(s));
   1036 	}
   1037 
   1038 int SSL_renegotiate_abbreviated(SSL *s)
   1039 	{
   1040 	if (s->renegotiate == 0)
   1041 		s->renegotiate=1;
   1042 
   1043 	s->new_session=0;
   1044 
   1045 	return(s->method->ssl_renegotiate(s));
   1046 	}
   1047 
   1048 int SSL_renegotiate_pending(SSL *s)
   1049 	{
   1050 	/* becomes true when negotiation is requested;
   1051 	 * false again once a handshake has finished */
   1052 	return (s->renegotiate != 0);
   1053 	}
   1054 
   1055 long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
   1056 	{
   1057 	long l;
   1058 
   1059 	switch (cmd)
   1060 		{
   1061 	case SSL_CTRL_GET_READ_AHEAD:
   1062 		return(s->read_ahead);
   1063 	case SSL_CTRL_SET_READ_AHEAD:
   1064 		l=s->read_ahead;
   1065 		s->read_ahead=larg;
   1066 		return(l);
   1067 
   1068 	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
   1069 		s->msg_callback_arg = parg;
   1070 		return 1;
   1071 
   1072 	case SSL_CTRL_OPTIONS:
   1073 		return(s->options|=larg);
   1074 	case SSL_CTRL_CLEAR_OPTIONS:
   1075 		return(s->options&=~larg);
   1076 	case SSL_CTRL_MODE:
   1077 		return(s->mode|=larg);
   1078 	case SSL_CTRL_CLEAR_MODE:
   1079 		return(s->mode &=~larg);
   1080 	case SSL_CTRL_GET_MAX_CERT_LIST:
   1081 		return(s->max_cert_list);
   1082 	case SSL_CTRL_SET_MAX_CERT_LIST:
   1083 		l=s->max_cert_list;
   1084 		s->max_cert_list=larg;
   1085 		return(l);
   1086 	case SSL_CTRL_SET_MTU:
   1087 #ifndef OPENSSL_NO_DTLS1
   1088 		if (larg < (long)dtls1_min_mtu())
   1089 			return 0;
   1090 #endif
   1091 
   1092 		if (SSL_version(s) == DTLS1_VERSION ||
   1093 		    SSL_version(s) == DTLS1_BAD_VER)
   1094 			{
   1095 			s->d1->mtu = larg;
   1096 			return larg;
   1097 			}
   1098 		return 0;
   1099 	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
   1100 		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
   1101 			return 0;
   1102 		s->max_send_fragment = larg;
   1103 		return 1;
   1104 	case SSL_CTRL_GET_RI_SUPPORT:
   1105 		if (s->s3)
   1106 			return s->s3->send_connection_binding;
   1107 		else return 0;
   1108 	default:
   1109 		return(s->method->ssl_ctrl(s,cmd,larg,parg));
   1110 		}
   1111 	}
   1112 
   1113 long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
   1114 	{
   1115 	switch(cmd)
   1116 		{
   1117 	case SSL_CTRL_SET_MSG_CALLBACK:
   1118 		s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
   1119 		return 1;
   1120 
   1121 	default:
   1122 		return(s->method->ssl_callback_ctrl(s,cmd,fp));
   1123 		}
   1124 	}
   1125 
   1126 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
   1127 	{
   1128 	return ctx->sessions;
   1129 	}
   1130 
   1131 long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
   1132 	{
   1133 	long l;
   1134 
   1135 	switch (cmd)
   1136 		{
   1137 	case SSL_CTRL_GET_READ_AHEAD:
   1138 		return(ctx->read_ahead);
   1139 	case SSL_CTRL_SET_READ_AHEAD:
   1140 		l=ctx->read_ahead;
   1141 		ctx->read_ahead=larg;
   1142 		return(l);
   1143 
   1144 	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
   1145 		ctx->msg_callback_arg = parg;
   1146 		return 1;
   1147 
   1148 	case SSL_CTRL_GET_MAX_CERT_LIST:
   1149 		return(ctx->max_cert_list);
   1150 	case SSL_CTRL_SET_MAX_CERT_LIST:
   1151 		l=ctx->max_cert_list;
   1152 		ctx->max_cert_list=larg;
   1153 		return(l);
   1154 
   1155 	case SSL_CTRL_SET_SESS_CACHE_SIZE:
   1156 		l=ctx->session_cache_size;
   1157 		ctx->session_cache_size=larg;
   1158 		return(l);
   1159 	case SSL_CTRL_GET_SESS_CACHE_SIZE:
   1160 		return(ctx->session_cache_size);
   1161 	case SSL_CTRL_SET_SESS_CACHE_MODE:
   1162 		l=ctx->session_cache_mode;
   1163 		ctx->session_cache_mode=larg;
   1164 		return(l);
   1165 	case SSL_CTRL_GET_SESS_CACHE_MODE:
   1166 		return(ctx->session_cache_mode);
   1167 
   1168 	case SSL_CTRL_SESS_NUMBER:
   1169 		return(lh_SSL_SESSION_num_items(ctx->sessions));
   1170 	case SSL_CTRL_SESS_CONNECT:
   1171 		return(ctx->stats.sess_connect);
   1172 	case SSL_CTRL_SESS_CONNECT_GOOD:
   1173 		return(ctx->stats.sess_connect_good);
   1174 	case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
   1175 		return(ctx->stats.sess_connect_renegotiate);
   1176 	case SSL_CTRL_SESS_ACCEPT:
   1177 		return(ctx->stats.sess_accept);
   1178 	case SSL_CTRL_SESS_ACCEPT_GOOD:
   1179 		return(ctx->stats.sess_accept_good);
   1180 	case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
   1181 		return(ctx->stats.sess_accept_renegotiate);
   1182 	case SSL_CTRL_SESS_HIT:
   1183 		return(ctx->stats.sess_hit);
   1184 	case SSL_CTRL_SESS_CB_HIT:
   1185 		return(ctx->stats.sess_cb_hit);
   1186 	case SSL_CTRL_SESS_MISSES:
   1187 		return(ctx->stats.sess_miss);
   1188 	case SSL_CTRL_SESS_TIMEOUTS:
   1189 		return(ctx->stats.sess_timeout);
   1190 	case SSL_CTRL_SESS_CACHE_FULL:
   1191 		return(ctx->stats.sess_cache_full);
   1192 	case SSL_CTRL_OPTIONS:
   1193 		return(ctx->options|=larg);
   1194 	case SSL_CTRL_CLEAR_OPTIONS:
   1195 		return(ctx->options&=~larg);
   1196 	case SSL_CTRL_MODE:
   1197 		return(ctx->mode|=larg);
   1198 	case SSL_CTRL_CLEAR_MODE:
   1199 		return(ctx->mode&=~larg);
   1200 	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
   1201 		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
   1202 			return 0;
   1203 		ctx->max_send_fragment = larg;
   1204 		return 1;
   1205 	default:
   1206 		return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
   1207 		}
   1208 	}
   1209 
   1210 long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
   1211 	{
   1212 	switch(cmd)
   1213 		{
   1214 	case SSL_CTRL_SET_MSG_CALLBACK:
   1215 		ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
   1216 		return 1;
   1217 
   1218 	default:
   1219 		return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
   1220 		}
   1221 	}
   1222 
   1223 int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
   1224 	{
   1225 	long l;
   1226 
   1227 	l=a->id-b->id;
   1228 	if (l == 0L)
   1229 		return(0);
   1230 	else
   1231 		return((l > 0)?1:-1);
   1232 	}
   1233 
   1234 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
   1235 			const SSL_CIPHER * const *bp)
   1236 	{
   1237 	long l;
   1238 
   1239 	l=(*ap)->id-(*bp)->id;
   1240 	if (l == 0L)
   1241 		return(0);
   1242 	else
   1243 		return((l > 0)?1:-1);
   1244 	}
   1245 
   1246 /** return a STACK of the ciphers available for the SSL and in order of
   1247  * preference */
   1248 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
   1249 	{
   1250 	if (s != NULL)
   1251 		{
   1252 		if (s->cipher_list != NULL)
   1253 			{
   1254 			return(s->cipher_list);
   1255 			}
   1256 		else if ((s->ctx != NULL) &&
   1257 			(s->ctx->cipher_list != NULL))
   1258 			{
   1259 			return(s->ctx->cipher_list);
   1260 			}
   1261 		}
   1262 	return(NULL);
   1263 	}
   1264 
   1265 /** return a STACK of the ciphers available for the SSL and in order of
   1266  * algorithm id */
   1267 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
   1268 	{
   1269 	if (s != NULL)
   1270 		{
   1271 		if (s->cipher_list_by_id != NULL)
   1272 			{
   1273 			return(s->cipher_list_by_id);
   1274 			}
   1275 		else if ((s->ctx != NULL) &&
   1276 			(s->ctx->cipher_list_by_id != NULL))
   1277 			{
   1278 			return(s->ctx->cipher_list_by_id);
   1279 			}
   1280 		}
   1281 	return(NULL);
   1282 	}
   1283 
   1284 /** The old interface to get the same thing as SSL_get_ciphers() */
   1285 const char *SSL_get_cipher_list(const SSL *s,int n)
   1286 	{
   1287 	SSL_CIPHER *c;
   1288 	STACK_OF(SSL_CIPHER) *sk;
   1289 
   1290 	if (s == NULL) return(NULL);
   1291 	sk=SSL_get_ciphers(s);
   1292 	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
   1293 		return(NULL);
   1294 	c=sk_SSL_CIPHER_value(sk,n);
   1295 	if (c == NULL) return(NULL);
   1296 	return(c->name);
   1297 	}
   1298 
   1299 /** specify the ciphers to be used by default by the SSL_CTX */
   1300 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
   1301 	{
   1302 	STACK_OF(SSL_CIPHER) *sk;
   1303 
   1304 	sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
   1305 		&ctx->cipher_list_by_id,str);
   1306 	/* ssl_create_cipher_list may return an empty stack if it
   1307 	 * was unable to find a cipher matching the given rule string
   1308 	 * (for example if the rule string specifies a cipher which
   1309 	 * has been disabled). This is not an error as far as
   1310 	 * ssl_create_cipher_list is concerned, and hence
   1311 	 * ctx->cipher_list and ctx->cipher_list_by_id has been
   1312 	 * updated. */
   1313 	if (sk == NULL)
   1314 		return 0;
   1315 	else if (sk_SSL_CIPHER_num(sk) == 0)
   1316 		{
   1317 		SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
   1318 		return 0;
   1319 		}
   1320 	return 1;
   1321 	}
   1322 
   1323 /** specify the ciphers to be used by the SSL */
   1324 int SSL_set_cipher_list(SSL *s,const char *str)
   1325 	{
   1326 	STACK_OF(SSL_CIPHER) *sk;
   1327 
   1328 	sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
   1329 		&s->cipher_list_by_id,str);
   1330 	/* see comment in SSL_CTX_set_cipher_list */
   1331 	if (sk == NULL)
   1332 		return 0;
   1333 	else if (sk_SSL_CIPHER_num(sk) == 0)
   1334 		{
   1335 		SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
   1336 		return 0;
   1337 		}
   1338 	return 1;
   1339 	}
   1340 
   1341 /** specify the ciphers to be used by the SSL */
   1342 int SSL_set_cipher_lists(SSL *s,STACK_OF(SSL_CIPHER) *sk)
   1343 	{
   1344 	STACK_OF(SSL_CIPHER) *tmp_cipher_list;
   1345 
   1346 	if (sk == NULL)
   1347 		return 0;
   1348 
   1349         /* Based on end of ssl_create_cipher_list */
   1350 	tmp_cipher_list = sk_SSL_CIPHER_dup(sk);
   1351 	if (tmp_cipher_list == NULL)
   1352 		{
   1353 		return 0;
   1354 		}
   1355 	if (s->cipher_list != NULL)
   1356 		sk_SSL_CIPHER_free(s->cipher_list);
   1357 	s->cipher_list = sk;
   1358 	if (s->cipher_list_by_id != NULL)
   1359 		sk_SSL_CIPHER_free(s->cipher_list_by_id);
   1360 	s->cipher_list_by_id = tmp_cipher_list;
   1361 	(void)sk_SSL_CIPHER_set_cmp_func(s->cipher_list_by_id,ssl_cipher_ptr_id_cmp);
   1362 
   1363 	sk_SSL_CIPHER_sort(s->cipher_list_by_id);
   1364 	return 1;
   1365 	}
   1366 
   1367 /* works well for SSLv2, not so good for SSLv3 */
   1368 char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
   1369 	{
   1370 	char *p;
   1371 	STACK_OF(SSL_CIPHER) *sk;
   1372 	SSL_CIPHER *c;
   1373 	int i;
   1374 
   1375 	if ((s->session == NULL) || (s->session->ciphers == NULL) ||
   1376 		(len < 2))
   1377 		return(NULL);
   1378 
   1379 	p=buf;
   1380 	sk=s->session->ciphers;
   1381 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
   1382 		{
   1383 		int n;
   1384 
   1385 		c=sk_SSL_CIPHER_value(sk,i);
   1386 		n=strlen(c->name);
   1387 		if (n+1 > len)
   1388 			{
   1389 			if (p != buf)
   1390 				--p;
   1391 			*p='\0';
   1392 			return buf;
   1393 			}
   1394 		strcpy(p,c->name);
   1395 		p+=n;
   1396 		*(p++)=':';
   1397 		len-=n+1;
   1398 		}
   1399 	p[-1]='\0';
   1400 	return(buf);
   1401 	}
   1402 
   1403 int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
   1404 			     int (*put_cb)(const SSL_CIPHER *, unsigned char *))
   1405 	{
   1406 	int i,j=0;
   1407 	SSL_CIPHER *c;
   1408 	unsigned char *q;
   1409 #ifndef OPENSSL_NO_KRB5
   1410 	int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
   1411 #endif /* OPENSSL_NO_KRB5 */
   1412 
   1413 	if (sk == NULL) return(0);
   1414 	q=p;
   1415 
   1416 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
   1417 		{
   1418 		c=sk_SSL_CIPHER_value(sk,i);
   1419 		/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
   1420 		if ((c->algorithm_ssl & SSL_TLSV1_2) &&
   1421 			(TLS1_get_client_version(s) < TLS1_2_VERSION))
   1422 			continue;
   1423 #ifndef OPENSSL_NO_KRB5
   1424 		if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
   1425 		    nokrb5)
   1426 		    continue;
   1427 #endif /* OPENSSL_NO_KRB5 */
   1428 #ifndef OPENSSL_NO_PSK
   1429 		/* with PSK there must be client callback set */
   1430 		if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) &&
   1431 		    s->psk_client_callback == NULL)
   1432 			continue;
   1433 #endif /* OPENSSL_NO_PSK */
   1434 		j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
   1435 		p+=j;
   1436 		}
   1437 	/* If p == q, no ciphers and caller indicates an error. Otherwise
   1438 	 * add SCSV if not renegotiating.
   1439 	 */
   1440 	if (p != q && !s->renegotiate)
   1441 		{
   1442 		static SSL_CIPHER scsv =
   1443 			{
   1444 			0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
   1445 			};
   1446 		j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p);
   1447 		p+=j;
   1448 #ifdef OPENSSL_RI_DEBUG
   1449 		fprintf(stderr, "SCSV sent by client\n");
   1450 #endif
   1451 		}
   1452 
   1453 	return(p-q);
   1454 	}
   1455 
   1456 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
   1457 					       STACK_OF(SSL_CIPHER) **skp)
   1458 	{
   1459 	const SSL_CIPHER *c;
   1460 	STACK_OF(SSL_CIPHER) *sk;
   1461 	int i,n;
   1462 	if (s->s3)
   1463 		s->s3->send_connection_binding = 0;
   1464 
   1465 	n=ssl_put_cipher_by_char(s,NULL,NULL);
   1466 	if ((num%n) != 0)
   1467 		{
   1468 		SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
   1469 		return(NULL);
   1470 		}
   1471 	if ((skp == NULL) || (*skp == NULL))
   1472 		sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
   1473 	else
   1474 		{
   1475 		sk= *skp;
   1476 		sk_SSL_CIPHER_zero(sk);
   1477 		}
   1478 
   1479 	for (i=0; i<num; i+=n)
   1480 		{
   1481 		/* Check for SCSV */
   1482 		if (s->s3 && (n != 3 || !p[0]) &&
   1483 			(p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
   1484 			(p[n-1] == (SSL3_CK_SCSV & 0xff)))
   1485 			{
   1486 			/* SCSV fatal if renegotiating */
   1487 			if (s->renegotiate)
   1488 				{
   1489 				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
   1490 				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
   1491 				goto err;
   1492 				}
   1493 			s->s3->send_connection_binding = 1;
   1494 			p += n;
   1495 #ifdef OPENSSL_RI_DEBUG
   1496 			fprintf(stderr, "SCSV received by server\n");
   1497 #endif
   1498 			continue;
   1499 			}
   1500 
   1501 		c=ssl_get_cipher_by_char(s,p);
   1502 		p+=n;
   1503 		if (c != NULL)
   1504 			{
   1505 			if (!sk_SSL_CIPHER_push(sk,c))
   1506 				{
   1507 				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
   1508 				goto err;
   1509 				}
   1510 			}
   1511 		}
   1512 
   1513 	if (skp != NULL)
   1514 		*skp=sk;
   1515 	return(sk);
   1516 err:
   1517 	if ((skp == NULL) || (*skp == NULL))
   1518 		sk_SSL_CIPHER_free(sk);
   1519 	return(NULL);
   1520 	}
   1521 
   1522 
   1523 #ifndef OPENSSL_NO_TLSEXT
   1524 /** return a servername extension value if provided in Client Hello, or NULL.
   1525  * So far, only host_name types are defined (RFC 3546).
   1526  */
   1527 
   1528 const char *SSL_get_servername(const SSL *s, const int type)
   1529 	{
   1530 	if (type != TLSEXT_NAMETYPE_host_name)
   1531 		return NULL;
   1532 
   1533 	return s->session && !s->tlsext_hostname ?
   1534 		s->session->tlsext_hostname :
   1535 		s->tlsext_hostname;
   1536 	}
   1537 
   1538 int SSL_get_servername_type(const SSL *s)
   1539 	{
   1540 	if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
   1541 		return TLSEXT_NAMETYPE_host_name;
   1542 	return -1;
   1543 	}
   1544 
   1545 # ifndef OPENSSL_NO_NEXTPROTONEG
   1546 /* SSL_select_next_proto implements the standard protocol selection. It is
   1547  * expected that this function is called from the callback set by
   1548  * SSL_CTX_set_next_proto_select_cb.
   1549  *
   1550  * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
   1551  * strings. The length byte itself is not included in the length. A byte
   1552  * string of length 0 is invalid. No byte string may be truncated.
   1553  *
   1554  * The current, but experimental algorithm for selecting the protocol is:
   1555  *
   1556  * 1) If the server doesn't support NPN then this is indicated to the
   1557  * callback. In this case, the client application has to abort the connection
   1558  * or have a default application level protocol.
   1559  *
   1560  * 2) If the server supports NPN, but advertises an empty list then the
   1561  * client selects the first protcol in its list, but indicates via the
   1562  * API that this fallback case was enacted.
   1563  *
   1564  * 3) Otherwise, the client finds the first protocol in the server's list
   1565  * that it supports and selects this protocol. This is because it's
   1566  * assumed that the server has better information about which protocol
   1567  * a client should use.
   1568  *
   1569  * 4) If the client doesn't support any of the server's advertised
   1570  * protocols, then this is treated the same as case 2.
   1571  *
   1572  * It returns either
   1573  * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
   1574  * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
   1575  */
   1576 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len)
   1577 	{
   1578 	unsigned int i, j;
   1579 	const unsigned char *result;
   1580 	int status = OPENSSL_NPN_UNSUPPORTED;
   1581 
   1582 	/* For each protocol in server preference order, see if we support it. */
   1583 	for (i = 0; i < server_len; )
   1584 		{
   1585 		for (j = 0; j < client_len; )
   1586 			{
   1587 			if (server[i] == client[j] &&
   1588 			    memcmp(&server[i+1], &client[j+1], server[i]) == 0)
   1589 				{
   1590 				/* We found a match */
   1591 				result = &server[i];
   1592 				status = OPENSSL_NPN_NEGOTIATED;
   1593 				goto found;
   1594 				}
   1595 			j += client[j];
   1596 			j++;
   1597 			}
   1598 		i += server[i];
   1599 		i++;
   1600 		}
   1601 
   1602 	/* There's no overlap between our protocols and the server's list. */
   1603 	result = client;
   1604 	status = OPENSSL_NPN_NO_OVERLAP;
   1605 
   1606 	found:
   1607 	*out = (unsigned char *) result + 1;
   1608 	*outlen = result[0];
   1609 	return status;
   1610 	}
   1611 
   1612 /* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
   1613  * requested protocol for this connection and returns 0. If the client didn't
   1614  * request any protocol, then *data is set to NULL.
   1615  *
   1616  * Note that the client can request any protocol it chooses. The value returned
   1617  * from this function need not be a member of the list of supported protocols
   1618  * provided by the callback.
   1619  */
   1620 void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len)
   1621 	{
   1622 	*data = s->next_proto_negotiated;
   1623 	if (!*data) {
   1624 		*len = 0;
   1625 	} else {
   1626 		*len = s->next_proto_negotiated_len;
   1627 	}
   1628 }
   1629 
   1630 /* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
   1631  * TLS server needs a list of supported protocols for Next Protocol
   1632  * Negotiation. The returned list must be in wire format.  The list is returned
   1633  * by setting |out| to point to it and |outlen| to its length. This memory will
   1634  * not be modified, but one should assume that the SSL* keeps a reference to
   1635  * it.
   1636  *
   1637  * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no
   1638  * such extension will be included in the ServerHello. */
   1639 void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
   1640 	{
   1641 	ctx->next_protos_advertised_cb = cb;
   1642 	ctx->next_protos_advertised_cb_arg = arg;
   1643 	}
   1644 
   1645 /* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
   1646  * client needs to select a protocol from the server's provided list. |out|
   1647  * must be set to point to the selected protocol (which may be within |in|).
   1648  * The length of the protocol name must be written into |outlen|. The server's
   1649  * advertised protocols are provided in |in| and |inlen|. The callback can
   1650  * assume that |in| is syntactically valid.
   1651  *
   1652  * The client must select a protocol. It is fatal to the connection if this
   1653  * callback returns a value other than SSL_TLSEXT_ERR_OK.
   1654  */
   1655 void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg)
   1656 	{
   1657 	ctx->next_proto_select_cb = cb;
   1658 	ctx->next_proto_select_cb_arg = arg;
   1659 	}
   1660 # endif
   1661 #endif
   1662 
   1663 int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
   1664 	const char *label, size_t llen, const unsigned char *p, size_t plen,
   1665 	int use_context)
   1666 	{
   1667 	if (s->version < TLS1_VERSION)
   1668 		return -1;
   1669 
   1670 	return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
   1671 							   llen, p, plen,
   1672 							   use_context);
   1673 	}
   1674 
   1675 static unsigned long ssl_session_hash(const SSL_SESSION *a)
   1676 	{
   1677 	unsigned long l;
   1678 
   1679 	l=(unsigned long)
   1680 		((unsigned int) a->session_id[0]     )|
   1681 		((unsigned int) a->session_id[1]<< 8L)|
   1682 		((unsigned long)a->session_id[2]<<16L)|
   1683 		((unsigned long)a->session_id[3]<<24L);
   1684 	return(l);
   1685 	}
   1686 
   1687 /* NB: If this function (or indeed the hash function which uses a sort of
   1688  * coarser function than this one) is changed, ensure
   1689  * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
   1690  * able to construct an SSL_SESSION that will collide with any existing session
   1691  * with a matching session ID. */
   1692 static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
   1693 	{
   1694 	if (a->ssl_version != b->ssl_version)
   1695 		return(1);
   1696 	if (a->session_id_length != b->session_id_length)
   1697 		return(1);
   1698 	return(memcmp(a->session_id,b->session_id,a->session_id_length));
   1699 	}
   1700 
   1701 /* These wrapper functions should remain rather than redeclaring
   1702  * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
   1703  * variable. The reason is that the functions aren't static, they're exposed via
   1704  * ssl.h. */
   1705 static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
   1706 static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
   1707 
   1708 SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
   1709 	{
   1710 	SSL_CTX *ret=NULL;
   1711 
   1712 	if (meth == NULL)
   1713 		{
   1714 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
   1715 		return(NULL);
   1716 		}
   1717 
   1718 #ifdef OPENSSL_FIPS
   1719 	if (FIPS_mode() && (meth->version < TLS1_VERSION))
   1720 		{
   1721 		SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
   1722 		return NULL;
   1723 		}
   1724 #endif
   1725 
   1726 	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
   1727 		{
   1728 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
   1729 		goto err;
   1730 		}
   1731 	ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
   1732 	if (ret == NULL)
   1733 		goto err;
   1734 
   1735 	memset(ret,0,sizeof(SSL_CTX));
   1736 
   1737 	ret->method=meth;
   1738 
   1739 	ret->cert_store=NULL;
   1740 	ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
   1741 	ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
   1742 	ret->session_cache_head=NULL;
   1743 	ret->session_cache_tail=NULL;
   1744 
   1745 	/* We take the system default */
   1746 	ret->session_timeout=meth->get_timeout();
   1747 
   1748 	ret->new_session_cb=0;
   1749 	ret->remove_session_cb=0;
   1750 	ret->get_session_cb=0;
   1751 	ret->generate_session_id=0;
   1752 
   1753 	memset((char *)&ret->stats,0,sizeof(ret->stats));
   1754 
   1755 	ret->references=1;
   1756 	ret->quiet_shutdown=0;
   1757 
   1758 /*	ret->cipher=NULL;*/
   1759 /*	ret->s2->challenge=NULL;
   1760 	ret->master_key=NULL;
   1761 	ret->key_arg=NULL;
   1762 	ret->s2->conn_id=NULL; */
   1763 
   1764 	ret->info_callback=NULL;
   1765 
   1766 	ret->app_verify_callback=0;
   1767 	ret->app_verify_arg=NULL;
   1768 
   1769 	ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
   1770 	ret->read_ahead=0;
   1771 	ret->msg_callback=0;
   1772 	ret->msg_callback_arg=NULL;
   1773 	ret->verify_mode=SSL_VERIFY_NONE;
   1774 #if 0
   1775 	ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
   1776 #endif
   1777 	ret->sid_ctx_length=0;
   1778 	ret->default_verify_callback=NULL;
   1779 	if ((ret->cert=ssl_cert_new()) == NULL)
   1780 		goto err;
   1781 
   1782 	ret->default_passwd_callback=0;
   1783 	ret->default_passwd_callback_userdata=NULL;
   1784 	ret->client_cert_cb=0;
   1785 	ret->app_gen_cookie_cb=0;
   1786 	ret->app_verify_cookie_cb=0;
   1787 
   1788 	ret->sessions=lh_SSL_SESSION_new();
   1789 	if (ret->sessions == NULL) goto err;
   1790 	ret->cert_store=X509_STORE_new();
   1791 	if (ret->cert_store == NULL) goto err;
   1792 
   1793 	ssl_create_cipher_list(ret->method,
   1794 		&ret->cipher_list,&ret->cipher_list_by_id,
   1795 		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
   1796 	if (ret->cipher_list == NULL
   1797 	    || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
   1798 		{
   1799 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
   1800 		goto err2;
   1801 		}
   1802 
   1803 	ret->param = X509_VERIFY_PARAM_new();
   1804 	if (!ret->param)
   1805 		goto err;
   1806 
   1807 	if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
   1808 		{
   1809 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
   1810 		goto err2;
   1811 		}
   1812 	if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
   1813 		{
   1814 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
   1815 		goto err2;
   1816 		}
   1817 	if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
   1818 		{
   1819 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
   1820 		goto err2;
   1821 		}
   1822 
   1823 	if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
   1824 		goto err;
   1825 
   1826 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
   1827 
   1828 	ret->extra_certs=NULL;
   1829 	ret->comp_methods=SSL_COMP_get_compression_methods();
   1830 
   1831 	ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
   1832 
   1833 #ifndef OPENSSL_NO_TLSEXT
   1834 	ret->tlsext_servername_callback = 0;
   1835 	ret->tlsext_servername_arg = NULL;
   1836 	/* Setup RFC4507 ticket keys */
   1837 	if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
   1838 		|| (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
   1839 		|| (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
   1840 		ret->options |= SSL_OP_NO_TICKET;
   1841 
   1842 	ret->tlsext_status_cb = 0;
   1843 	ret->tlsext_status_arg = NULL;
   1844 
   1845 # ifndef OPENSSL_NO_NEXTPROTONEG
   1846 	ret->next_protos_advertised_cb = 0;
   1847 	ret->next_proto_select_cb = 0;
   1848 # endif
   1849 #endif
   1850 #ifndef OPENSSL_NO_PSK
   1851 	ret->psk_identity_hint=NULL;
   1852 	ret->psk_client_callback=NULL;
   1853 	ret->psk_server_callback=NULL;
   1854 #endif
   1855 #ifndef OPENSSL_NO_SRP
   1856 	SSL_CTX_SRP_CTX_init(ret);
   1857 #endif
   1858 #ifndef OPENSSL_NO_BUF_FREELISTS
   1859 	ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
   1860 	ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
   1861 	if (!ret->rbuf_freelist)
   1862 		goto err;
   1863 	ret->rbuf_freelist->chunklen = 0;
   1864 	ret->rbuf_freelist->len = 0;
   1865 	ret->rbuf_freelist->head = NULL;
   1866 	ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
   1867 	if (!ret->wbuf_freelist)
   1868 		{
   1869 		OPENSSL_free(ret->rbuf_freelist);
   1870 		goto err;
   1871 		}
   1872 	ret->wbuf_freelist->chunklen = 0;
   1873 	ret->wbuf_freelist->len = 0;
   1874 	ret->wbuf_freelist->head = NULL;
   1875 #endif
   1876 #ifndef OPENSSL_NO_ENGINE
   1877 	ret->client_cert_engine = NULL;
   1878 #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
   1879 #define eng_strx(x)	#x
   1880 #define eng_str(x)	eng_strx(x)
   1881 	/* Use specific client engine automatically... ignore errors */
   1882 	{
   1883 	ENGINE *eng;
   1884 	eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
   1885 	if (!eng)
   1886 		{
   1887 		ERR_clear_error();
   1888 		ENGINE_load_builtin_engines();
   1889 		eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
   1890 		}
   1891 	if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
   1892 		ERR_clear_error();
   1893 	}
   1894 #endif
   1895 #endif
   1896 	/* Default is to connect to non-RI servers. When RI is more widely
   1897 	 * deployed might change this.
   1898 	 */
   1899 	ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
   1900 
   1901 	return(ret);
   1902 err:
   1903 	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
   1904 err2:
   1905 	if (ret != NULL) SSL_CTX_free(ret);
   1906 	return(NULL);
   1907 	}
   1908 
   1909 #if 0
   1910 static void SSL_COMP_free(SSL_COMP *comp)
   1911     { OPENSSL_free(comp); }
   1912 #endif
   1913 
   1914 #ifndef OPENSSL_NO_BUF_FREELISTS
   1915 static void
   1916 ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
   1917 	{
   1918 	SSL3_BUF_FREELIST_ENTRY *ent, *next;
   1919 	for (ent = list->head; ent; ent = next)
   1920 		{
   1921 		next = ent->next;
   1922 		OPENSSL_free(ent);
   1923 		}
   1924 	OPENSSL_free(list);
   1925 	}
   1926 #endif
   1927 
   1928 void SSL_CTX_free(SSL_CTX *a)
   1929 	{
   1930 	int i;
   1931 
   1932 	if (a == NULL) return;
   1933 
   1934 	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
   1935 #ifdef REF_PRINT
   1936 	REF_PRINT("SSL_CTX",a);
   1937 #endif
   1938 	if (i > 0) return;
   1939 #ifdef REF_CHECK
   1940 	if (i < 0)
   1941 		{
   1942 		fprintf(stderr,"SSL_CTX_free, bad reference count\n");
   1943 		abort(); /* ok */
   1944 		}
   1945 #endif
   1946 
   1947 	if (a->param)
   1948 		X509_VERIFY_PARAM_free(a->param);
   1949 
   1950 	/*
   1951 	 * Free internal session cache. However: the remove_cb() may reference
   1952 	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
   1953 	 * after the sessions were flushed.
   1954 	 * As the ex_data handling routines might also touch the session cache,
   1955 	 * the most secure solution seems to be: empty (flush) the cache, then
   1956 	 * free ex_data, then finally free the cache.
   1957 	 * (See ticket [openssl.org #212].)
   1958 	 */
   1959 	if (a->sessions != NULL)
   1960 		SSL_CTX_flush_sessions(a,0);
   1961 
   1962 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
   1963 
   1964 	if (a->sessions != NULL)
   1965 		lh_SSL_SESSION_free(a->sessions);
   1966 
   1967 	if (a->cert_store != NULL)
   1968 		X509_STORE_free(a->cert_store);
   1969 	if (a->cipher_list != NULL)
   1970 		sk_SSL_CIPHER_free(a->cipher_list);
   1971 	if (a->cipher_list_by_id != NULL)
   1972 		sk_SSL_CIPHER_free(a->cipher_list_by_id);
   1973 	if (a->cert != NULL)
   1974 		ssl_cert_free(a->cert);
   1975 	if (a->client_CA != NULL)
   1976 		sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
   1977 	if (a->extra_certs != NULL)
   1978 		sk_X509_pop_free(a->extra_certs,X509_free);
   1979 #if 0 /* This should never be done, since it removes a global database */
   1980 	if (a->comp_methods != NULL)
   1981 		sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
   1982 #else
   1983 	a->comp_methods = NULL;
   1984 #endif
   1985 
   1986 #ifndef OPENSSL_NO_SRTP
   1987         if (a->srtp_profiles)
   1988                 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
   1989 #endif
   1990 
   1991 #ifndef OPENSSL_NO_PSK
   1992 	if (a->psk_identity_hint)
   1993 		OPENSSL_free(a->psk_identity_hint);
   1994 #endif
   1995 #ifndef OPENSSL_NO_SRP
   1996 	SSL_CTX_SRP_CTX_free(a);
   1997 #endif
   1998 #ifndef OPENSSL_NO_ENGINE
   1999 	if (a->client_cert_engine)
   2000 		ENGINE_finish(a->client_cert_engine);
   2001 #endif
   2002 
   2003 #ifndef OPENSSL_NO_BUF_FREELISTS
   2004 	if (a->wbuf_freelist)
   2005 		ssl_buf_freelist_free(a->wbuf_freelist);
   2006 	if (a->rbuf_freelist)
   2007 		ssl_buf_freelist_free(a->rbuf_freelist);
   2008 #endif
   2009 
   2010 #ifndef OPENSSL_NO_TLSEXT
   2011 	if (a->tlsext_channel_id_private)
   2012 		EVP_PKEY_free(a->tlsext_channel_id_private);
   2013 #endif
   2014 
   2015 	OPENSSL_free(a);
   2016 	}
   2017 
   2018 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
   2019 	{
   2020 	ctx->default_passwd_callback=cb;
   2021 	}
   2022 
   2023 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
   2024 	{
   2025 	ctx->default_passwd_callback_userdata=u;
   2026 	}
   2027 
   2028 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
   2029 	{
   2030 	ctx->app_verify_callback=cb;
   2031 	ctx->app_verify_arg=arg;
   2032 	}
   2033 
   2034 void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
   2035 	{
   2036 	ctx->verify_mode=mode;
   2037 	ctx->default_verify_callback=cb;
   2038 	}
   2039 
   2040 void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
   2041 	{
   2042 	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
   2043 	}
   2044 
   2045 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
   2046 	{
   2047 	CERT_PKEY *cpk;
   2048 	int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
   2049 	int rsa_enc_export,dh_rsa_export,dh_dsa_export;
   2050 	int rsa_tmp_export,dh_tmp_export,kl;
   2051 	unsigned long mask_k,mask_a,emask_k,emask_a;
   2052 	int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
   2053 #ifndef OPENSSL_NO_ECDH
   2054 	int have_ecdh_tmp;
   2055 #endif
   2056 	X509 *x = NULL;
   2057 	EVP_PKEY *ecc_pkey = NULL;
   2058 	int signature_nid = 0, pk_nid = 0, md_nid = 0;
   2059 
   2060 	if (c == NULL) return;
   2061 
   2062 	kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
   2063 
   2064 #ifndef OPENSSL_NO_RSA
   2065 	rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
   2066 	rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
   2067 		(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
   2068 #else
   2069 	rsa_tmp=rsa_tmp_export=0;
   2070 #endif
   2071 #ifndef OPENSSL_NO_DH
   2072 	dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
   2073 	dh_tmp_export=(c->dh_tmp_cb != NULL ||
   2074 		(dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
   2075 #else
   2076 	dh_tmp=dh_tmp_export=0;
   2077 #endif
   2078 
   2079 #ifndef OPENSSL_NO_ECDH
   2080 	have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
   2081 #endif
   2082 	cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
   2083 	rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
   2084 	rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
   2085 	cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
   2086 	rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
   2087 	cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
   2088 	dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
   2089 	cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
   2090 	dh_rsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
   2091 	dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
   2092 	cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
   2093 /* FIX THIS EAY EAY EAY */
   2094 	dh_dsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
   2095 	dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
   2096 	cpk= &(c->pkeys[SSL_PKEY_ECC]);
   2097 	have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
   2098 	mask_k=0;
   2099 	mask_a=0;
   2100 	emask_k=0;
   2101 	emask_a=0;
   2102 
   2103 
   2104 
   2105 #ifdef CIPHER_DEBUG
   2106 	printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
   2107 	        rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp,
   2108 		rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
   2109 #endif
   2110 
   2111 	cpk = &(c->pkeys[SSL_PKEY_GOST01]);
   2112 	if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
   2113 		mask_k |= SSL_kGOST;
   2114 		mask_a |= SSL_aGOST01;
   2115 	}
   2116 	cpk = &(c->pkeys[SSL_PKEY_GOST94]);
   2117 	if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
   2118 		mask_k |= SSL_kGOST;
   2119 		mask_a |= SSL_aGOST94;
   2120 	}
   2121 
   2122 	if (rsa_enc || (rsa_tmp && rsa_sign))
   2123 		mask_k|=SSL_kRSA;
   2124 	if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
   2125 		emask_k|=SSL_kRSA;
   2126 
   2127 #if 0
   2128 	/* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
   2129 	if (	(dh_tmp || dh_rsa || dh_dsa) &&
   2130 		(rsa_enc || rsa_sign || dsa_sign))
   2131 		mask_k|=SSL_kEDH;
   2132 	if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
   2133 		(rsa_enc || rsa_sign || dsa_sign))
   2134 		emask_k|=SSL_kEDH;
   2135 #endif
   2136 
   2137 	if (dh_tmp_export)
   2138 		emask_k|=SSL_kEDH;
   2139 
   2140 	if (dh_tmp)
   2141 		mask_k|=SSL_kEDH;
   2142 
   2143 	if (dh_rsa) mask_k|=SSL_kDHr;
   2144 	if (dh_rsa_export) emask_k|=SSL_kDHr;
   2145 
   2146 	if (dh_dsa) mask_k|=SSL_kDHd;
   2147 	if (dh_dsa_export) emask_k|=SSL_kDHd;
   2148 
   2149 	if (rsa_enc || rsa_sign)
   2150 		{
   2151 		mask_a|=SSL_aRSA;
   2152 		emask_a|=SSL_aRSA;
   2153 		}
   2154 
   2155 	if (dsa_sign)
   2156 		{
   2157 		mask_a|=SSL_aDSS;
   2158 		emask_a|=SSL_aDSS;
   2159 		}
   2160 
   2161 	mask_a|=SSL_aNULL;
   2162 	emask_a|=SSL_aNULL;
   2163 
   2164 #ifndef OPENSSL_NO_KRB5
   2165 	mask_k|=SSL_kKRB5;
   2166 	mask_a|=SSL_aKRB5;
   2167 	emask_k|=SSL_kKRB5;
   2168 	emask_a|=SSL_aKRB5;
   2169 #endif
   2170 
   2171 	/* An ECC certificate may be usable for ECDH and/or
   2172 	 * ECDSA cipher suites depending on the key usage extension.
   2173 	 */
   2174 	if (have_ecc_cert)
   2175 		{
   2176 		/* This call populates extension flags (ex_flags) */
   2177 		x = (c->pkeys[SSL_PKEY_ECC]).x509;
   2178 		X509_check_purpose(x, -1, 0);
   2179 		ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
   2180 		    (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
   2181 		ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
   2182 		    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
   2183 		ecc_pkey = X509_get_pubkey(x);
   2184 		ecc_pkey_size = (ecc_pkey != NULL) ?
   2185 		    EVP_PKEY_bits(ecc_pkey) : 0;
   2186 		EVP_PKEY_free(ecc_pkey);
   2187 		if ((x->sig_alg) && (x->sig_alg->algorithm))
   2188 			{
   2189 			signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
   2190 			OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
   2191 			}
   2192 #ifndef OPENSSL_NO_ECDH
   2193 		if (ecdh_ok)
   2194 			{
   2195 
   2196 			if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
   2197 				{
   2198 				mask_k|=SSL_kECDHr;
   2199 				mask_a|=SSL_aECDH;
   2200 				if (ecc_pkey_size <= 163)
   2201 					{
   2202 					emask_k|=SSL_kECDHr;
   2203 					emask_a|=SSL_aECDH;
   2204 					}
   2205 				}
   2206 
   2207 			if (pk_nid == NID_X9_62_id_ecPublicKey)
   2208 				{
   2209 				mask_k|=SSL_kECDHe;
   2210 				mask_a|=SSL_aECDH;
   2211 				if (ecc_pkey_size <= 163)
   2212 					{
   2213 					emask_k|=SSL_kECDHe;
   2214 					emask_a|=SSL_aECDH;
   2215 					}
   2216 				}
   2217 			}
   2218 #endif
   2219 #ifndef OPENSSL_NO_ECDSA
   2220 		if (ecdsa_ok)
   2221 			{
   2222 			mask_a|=SSL_aECDSA;
   2223 			emask_a|=SSL_aECDSA;
   2224 			}
   2225 #endif
   2226 		}
   2227 
   2228 #ifndef OPENSSL_NO_ECDH
   2229 	if (have_ecdh_tmp)
   2230 		{
   2231 		mask_k|=SSL_kEECDH;
   2232 		emask_k|=SSL_kEECDH;
   2233 		}
   2234 #endif
   2235 
   2236 #ifndef OPENSSL_NO_PSK
   2237 	mask_k |= SSL_kPSK;
   2238 	mask_a |= SSL_aPSK;
   2239 	emask_k |= SSL_kPSK;
   2240 	emask_a |= SSL_aPSK;
   2241 #endif
   2242 
   2243 	c->mask_k=mask_k;
   2244 	c->mask_a=mask_a;
   2245 	c->export_mask_k=emask_k;
   2246 	c->export_mask_a=emask_a;
   2247 	c->valid=1;
   2248 	}
   2249 
   2250 /* This handy macro borrowed from crypto/x509v3/v3_purp.c */
   2251 #define ku_reject(x, usage) \
   2252 	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
   2253 
   2254 #ifndef OPENSSL_NO_EC
   2255 
   2256 int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
   2257 	{
   2258 	unsigned long alg_k, alg_a;
   2259 	EVP_PKEY *pkey = NULL;
   2260 	int keysize = 0;
   2261 	int signature_nid = 0, md_nid = 0, pk_nid = 0;
   2262 	const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
   2263 
   2264 	alg_k = cs->algorithm_mkey;
   2265 	alg_a = cs->algorithm_auth;
   2266 
   2267 	if (SSL_C_IS_EXPORT(cs))
   2268 		{
   2269 		/* ECDH key length in export ciphers must be <= 163 bits */
   2270 		pkey = X509_get_pubkey(x);
   2271 		if (pkey == NULL) return 0;
   2272 		keysize = EVP_PKEY_bits(pkey);
   2273 		EVP_PKEY_free(pkey);
   2274 		if (keysize > 163) return 0;
   2275 		}
   2276 
   2277 	/* This call populates the ex_flags field correctly */
   2278 	X509_check_purpose(x, -1, 0);
   2279 	if ((x->sig_alg) && (x->sig_alg->algorithm))
   2280 		{
   2281 		signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
   2282 		OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
   2283 		}
   2284 	if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
   2285 		{
   2286 		/* key usage, if present, must allow key agreement */
   2287 		if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
   2288 			{
   2289 			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
   2290 			return 0;
   2291 			}
   2292 		if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION)
   2293 			{
   2294 			/* signature alg must be ECDSA */
   2295 			if (pk_nid != NID_X9_62_id_ecPublicKey)
   2296 				{
   2297 				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
   2298 				return 0;
   2299 				}
   2300 			}
   2301 		if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION)
   2302 			{
   2303 			/* signature alg must be RSA */
   2304 
   2305 			if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
   2306 				{
   2307 				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
   2308 				return 0;
   2309 				}
   2310 			}
   2311 		}
   2312 	if (alg_a & SSL_aECDSA)
   2313 		{
   2314 		/* key usage, if present, must allow signing */
   2315 		if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
   2316 			{
   2317 			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
   2318 			return 0;
   2319 			}
   2320 		}
   2321 
   2322 	return 1;  /* all checks are ok */
   2323 	}
   2324 
   2325 #endif
   2326 
   2327 /* THIS NEEDS CLEANING UP */
   2328 CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
   2329 	{
   2330 	unsigned long alg_k,alg_a;
   2331 	CERT *c;
   2332 	int i;
   2333 
   2334 	c=s->cert;
   2335 	ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
   2336 
   2337 	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
   2338 	alg_a = s->s3->tmp.new_cipher->algorithm_auth;
   2339 
   2340 	if (alg_k & (SSL_kECDHr|SSL_kECDHe))
   2341 		{
   2342 		/* we don't need to look at SSL_kEECDH
   2343 		 * since no certificate is needed for
   2344 		 * anon ECDH and for authenticated
   2345 		 * EECDH, the check for the auth
   2346 		 * algorithm will set i correctly
   2347 		 * NOTE: For ECDH-RSA, we need an ECC
   2348 		 * not an RSA cert but for EECDH-RSA
   2349 		 * we need an RSA cert. Placing the
   2350 		 * checks for SSL_kECDH before RSA
   2351 		 * checks ensures the correct cert is chosen.
   2352 		 */
   2353 		i=SSL_PKEY_ECC;
   2354 		}
   2355 	else if (alg_a & SSL_aECDSA)
   2356 		{
   2357 		i=SSL_PKEY_ECC;
   2358 		}
   2359 	else if (alg_k & SSL_kDHr)
   2360 		i=SSL_PKEY_DH_RSA;
   2361 	else if (alg_k & SSL_kDHd)
   2362 		i=SSL_PKEY_DH_DSA;
   2363 	else if (alg_a & SSL_aDSS)
   2364 		i=SSL_PKEY_DSA_SIGN;
   2365 	else if (alg_a & SSL_aRSA)
   2366 		{
   2367 		if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
   2368 			i=SSL_PKEY_RSA_SIGN;
   2369 		else
   2370 			i=SSL_PKEY_RSA_ENC;
   2371 		}
   2372 	else if (alg_a & SSL_aKRB5)
   2373 		{
   2374 		/* VRS something else here? */
   2375 		return(NULL);
   2376 		}
   2377 	else if (alg_a & SSL_aGOST94)
   2378 		i=SSL_PKEY_GOST94;
   2379 	else if (alg_a & SSL_aGOST01)
   2380 		i=SSL_PKEY_GOST01;
   2381 	else /* if (alg_a & SSL_aNULL) */
   2382 		{
   2383 		SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR);
   2384 		return(NULL);
   2385 		}
   2386 
   2387 	return c->pkeys + i;
   2388 	}
   2389 
   2390 X509 *ssl_get_server_send_cert(const SSL *s)
   2391 	{
   2392 	CERT_PKEY *cpk;
   2393 	cpk = ssl_get_server_send_pkey(s);
   2394 	if (!cpk)
   2395 		return NULL;
   2396 	return cpk->x509;
   2397 	}
   2398 
   2399 EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
   2400 	{
   2401 	unsigned long alg_a;
   2402 	CERT *c;
   2403 	int idx = -1;
   2404 
   2405 	alg_a = cipher->algorithm_auth;
   2406 	c=s->cert;
   2407 
   2408 	if ((alg_a & SSL_aDSS) &&
   2409 		(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
   2410 		idx = SSL_PKEY_DSA_SIGN;
   2411 	else if (alg_a & SSL_aRSA)
   2412 		{
   2413 		if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
   2414 			idx = SSL_PKEY_RSA_SIGN;
   2415 		else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
   2416 			idx = SSL_PKEY_RSA_ENC;
   2417 		}
   2418 	else if ((alg_a & SSL_aECDSA) &&
   2419 	         (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
   2420 		idx = SSL_PKEY_ECC;
   2421 	if (idx == -1)
   2422 		{
   2423 		SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
   2424 		return(NULL);
   2425 		}
   2426 	if (pmd)
   2427 		*pmd = c->pkeys[idx].digest;
   2428 	return c->pkeys[idx].privatekey;
   2429 	}
   2430 
   2431 void ssl_update_cache(SSL *s,int mode)
   2432 	{
   2433 	int i;
   2434 
   2435 	/* If the session_id_length is 0, we are not supposed to cache it,
   2436 	 * and it would be rather hard to do anyway :-) */
   2437 	if (s->session->session_id_length == 0) return;
   2438 
   2439 	i=s->session_ctx->session_cache_mode;
   2440 	if ((i & mode) && (!s->hit)
   2441 		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
   2442 		    || SSL_CTX_add_session(s->session_ctx,s->session))
   2443 		&& (s->session_ctx->new_session_cb != NULL))
   2444 		{
   2445 		CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
   2446 		if (!s->session_ctx->new_session_cb(s,s->session))
   2447 			SSL_SESSION_free(s->session);
   2448 		}
   2449 
   2450 	/* auto flush every 255 connections */
   2451 	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
   2452 		((i & mode) == mode))
   2453 		{
   2454 		if (  (((mode & SSL_SESS_CACHE_CLIENT)
   2455 			?s->session_ctx->stats.sess_connect_good
   2456 			:s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff)
   2457 			{
   2458 			SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
   2459 			}
   2460 		}
   2461 	}
   2462 
   2463 const SSL_METHOD *SSL_get_ssl_method(SSL *s)
   2464 	{
   2465 	return(s->method);
   2466 	}
   2467 
   2468 int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
   2469 	{
   2470 	int conn= -1;
   2471 	int ret=1;
   2472 
   2473 	if (s->method != meth)
   2474 		{
   2475 		if (s->handshake_func != NULL)
   2476 			conn=(s->handshake_func == s->method->ssl_connect);
   2477 
   2478 		if (s->method->version == meth->version)
   2479 			s->method=meth;
   2480 		else
   2481 			{
   2482 			s->method->ssl_free(s);
   2483 			s->method=meth;
   2484 			ret=s->method->ssl_new(s);
   2485 			}
   2486 
   2487 		if (conn == 1)
   2488 			s->handshake_func=meth->ssl_connect;
   2489 		else if (conn == 0)
   2490 			s->handshake_func=meth->ssl_accept;
   2491 		}
   2492 	return(ret);
   2493 	}
   2494 
   2495 int SSL_get_error(const SSL *s,int i)
   2496 	{
   2497 	int reason;
   2498 	unsigned long l;
   2499 	BIO *bio;
   2500 
   2501 	if (i > 0) return(SSL_ERROR_NONE);
   2502 
   2503 	/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
   2504 	 * etc, where we do encode the error */
   2505 	if ((l=ERR_peek_error()) != 0)
   2506 		{
   2507 		if (ERR_GET_LIB(l) == ERR_LIB_SYS)
   2508 			return(SSL_ERROR_SYSCALL);
   2509 		else
   2510 			return(SSL_ERROR_SSL);
   2511 		}
   2512 
   2513 	if ((i < 0) && SSL_want_read(s))
   2514 		{
   2515 		bio=SSL_get_rbio(s);
   2516 		if (BIO_should_read(bio))
   2517 			return(SSL_ERROR_WANT_READ);
   2518 		else if (BIO_should_write(bio))
   2519 			/* This one doesn't make too much sense ... We never try
   2520 			 * to write to the rbio, and an application program where
   2521 			 * rbio and wbio are separate couldn't even know what it
   2522 			 * should wait for.
   2523 			 * However if we ever set s->rwstate incorrectly
   2524 			 * (so that we have SSL_want_read(s) instead of
   2525 			 * SSL_want_write(s)) and rbio and wbio *are* the same,
   2526 			 * this test works around that bug; so it might be safer
   2527 			 * to keep it. */
   2528 			return(SSL_ERROR_WANT_WRITE);
   2529 		else if (BIO_should_io_special(bio))
   2530 			{
   2531 			reason=BIO_get_retry_reason(bio);
   2532 			if (reason == BIO_RR_CONNECT)
   2533 				return(SSL_ERROR_WANT_CONNECT);
   2534 			else if (reason == BIO_RR_ACCEPT)
   2535 				return(SSL_ERROR_WANT_ACCEPT);
   2536 			else
   2537 				return(SSL_ERROR_SYSCALL); /* unknown */
   2538 			}
   2539 		}
   2540 
   2541 	if ((i < 0) && SSL_want_write(s))
   2542 		{
   2543 		bio=SSL_get_wbio(s);
   2544 		if (BIO_should_write(bio))
   2545 			return(SSL_ERROR_WANT_WRITE);
   2546 		else if (BIO_should_read(bio))
   2547 			/* See above (SSL_want_read(s) with BIO_should_write(bio)) */
   2548 			return(SSL_ERROR_WANT_READ);
   2549 		else if (BIO_should_io_special(bio))
   2550 			{
   2551 			reason=BIO_get_retry_reason(bio);
   2552 			if (reason == BIO_RR_CONNECT)
   2553 				return(SSL_ERROR_WANT_CONNECT);
   2554 			else if (reason == BIO_RR_ACCEPT)
   2555 				return(SSL_ERROR_WANT_ACCEPT);
   2556 			else
   2557 				return(SSL_ERROR_SYSCALL);
   2558 			}
   2559 		}
   2560 	if ((i < 0) && SSL_want_x509_lookup(s))
   2561 		{
   2562 		return(SSL_ERROR_WANT_X509_LOOKUP);
   2563 		}
   2564 
   2565 	if (i == 0)
   2566 		{
   2567 		if (s->version == SSL2_VERSION)
   2568 			{
   2569 			/* assume it is the socket being closed */
   2570 			return(SSL_ERROR_ZERO_RETURN);
   2571 			}
   2572 		else
   2573 			{
   2574 			if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
   2575 				(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
   2576 				return(SSL_ERROR_ZERO_RETURN);
   2577 			}
   2578 		}
   2579 	return(SSL_ERROR_SYSCALL);
   2580 	}
   2581 
   2582 int SSL_do_handshake(SSL *s)
   2583 	{
   2584 	int ret=1;
   2585 
   2586 	if (s->handshake_func == NULL)
   2587 		{
   2588 		SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
   2589 		return(-1);
   2590 		}
   2591 
   2592 	s->method->ssl_renegotiate_check(s);
   2593 
   2594 	if (SSL_in_init(s) || SSL_in_before(s))
   2595 		{
   2596 		ret=s->handshake_func(s);
   2597 		}
   2598 	return(ret);
   2599 	}
   2600 
   2601 /* For the next 2 functions, SSL_clear() sets shutdown and so
   2602  * one of these calls will reset it */
   2603 void SSL_set_accept_state(SSL *s)
   2604 	{
   2605 	s->server=1;
   2606 	s->shutdown=0;
   2607 	s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
   2608 	s->handshake_func=s->method->ssl_accept;
   2609 	/* clear the current cipher */
   2610 	ssl_clear_cipher_ctx(s);
   2611 	ssl_clear_hash_ctx(&s->read_hash);
   2612 	ssl_clear_hash_ctx(&s->write_hash);
   2613 	}
   2614 
   2615 void SSL_set_connect_state(SSL *s)
   2616 	{
   2617 	s->server=0;
   2618 	s->shutdown=0;
   2619 	s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
   2620 	s->handshake_func=s->method->ssl_connect;
   2621 	/* clear the current cipher */
   2622 	ssl_clear_cipher_ctx(s);
   2623 	ssl_clear_hash_ctx(&s->read_hash);
   2624 	ssl_clear_hash_ctx(&s->write_hash);
   2625 	}
   2626 
   2627 int ssl_undefined_function(SSL *s)
   2628 	{
   2629 	SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
   2630 	return(0);
   2631 	}
   2632 
   2633 int ssl_undefined_void_function(void)
   2634 	{
   2635 	SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
   2636 	return(0);
   2637 	}
   2638 
   2639 int ssl_undefined_const_function(const SSL *s)
   2640 	{
   2641 	SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
   2642 	return(0);
   2643 	}
   2644 
   2645 SSL_METHOD *ssl_bad_method(int ver)
   2646 	{
   2647 	SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
   2648 	return(NULL);
   2649 	}
   2650 
   2651 static const char *ssl_get_version(int version)
   2652 	{
   2653 	if (version == TLS1_2_VERSION)
   2654 		return("TLSv1.2");
   2655 	else if (version == TLS1_1_VERSION)
   2656 		return("TLSv1.1");
   2657 	else if (version == TLS1_VERSION)
   2658 		return("TLSv1");
   2659 	else if (version == SSL3_VERSION)
   2660 		return("SSLv3");
   2661 	else if (version == SSL2_VERSION)
   2662 		return("SSLv2");
   2663 	else
   2664 		return("unknown");
   2665 	}
   2666 
   2667 const char *SSL_get_version(const SSL *s)
   2668 	{
   2669 		return ssl_get_version(s->version);
   2670 	}
   2671 
   2672 const char *SSL_SESSION_get_version(const SSL_SESSION *s)
   2673 	{
   2674 		return ssl_get_version(s->ssl_version);
   2675 	}
   2676 
   2677 const char* SSL_authentication_method(const SSL* ssl)
   2678 	{
   2679 	if (ssl->cert != NULL && ssl->cert->rsa_tmp != NULL)
   2680 		return SSL_TXT_RSA "_" SSL_TXT_EXPORT;
   2681 	switch (ssl->version)
   2682 		{
   2683 	case SSL2_VERSION:
   2684 		return SSL_TXT_RSA;
   2685 	default:
   2686 		return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
   2687 		}
   2688 	}
   2689 
   2690 SSL *SSL_dup(SSL *s)
   2691 	{
   2692 	STACK_OF(X509_NAME) *sk;
   2693 	X509_NAME *xn;
   2694 	SSL *ret;
   2695 	int i;
   2696 
   2697 	if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
   2698 	    return(NULL);
   2699 
   2700 	ret->version = s->version;
   2701 	ret->type = s->type;
   2702 	ret->method = s->method;
   2703 
   2704 	if (s->session != NULL)
   2705 		{
   2706 		/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
   2707 		SSL_copy_session_id(ret,s);
   2708 		}
   2709 	else
   2710 		{
   2711 		/* No session has been established yet, so we have to expect
   2712 		 * that s->cert or ret->cert will be changed later --
   2713 		 * they should not both point to the same object,
   2714 		 * and thus we can't use SSL_copy_session_id. */
   2715 
   2716 		ret->method->ssl_free(ret);
   2717 		ret->method = s->method;
   2718 		ret->method->ssl_new(ret);
   2719 
   2720 		if (s->cert != NULL)
   2721 			{
   2722 			if (ret->cert != NULL)
   2723 				{
   2724 				ssl_cert_free(ret->cert);
   2725 				}
   2726 			ret->cert = ssl_cert_dup(s->cert);
   2727 			if (ret->cert == NULL)
   2728 				goto err;
   2729 			}
   2730 
   2731 		SSL_set_session_id_context(ret,
   2732 			s->sid_ctx, s->sid_ctx_length);
   2733 		}
   2734 
   2735 	ret->options=s->options;
   2736 	ret->mode=s->mode;
   2737 	SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
   2738 	SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
   2739 	ret->msg_callback = s->msg_callback;
   2740 	ret->msg_callback_arg = s->msg_callback_arg;
   2741 	SSL_set_verify(ret,SSL_get_verify_mode(s),
   2742 		SSL_get_verify_callback(s));
   2743 	SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
   2744 	ret->generate_session_id = s->generate_session_id;
   2745 
   2746 	SSL_set_info_callback(ret,SSL_get_info_callback(s));
   2747 
   2748 	ret->debug=s->debug;
   2749 
   2750 	/* copy app data, a little dangerous perhaps */
   2751 	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
   2752 		goto err;
   2753 
   2754 	/* setup rbio, and wbio */
   2755 	if (s->rbio != NULL)
   2756 		{
   2757 		if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
   2758 			goto err;
   2759 		}
   2760 	if (s->wbio != NULL)
   2761 		{
   2762 		if (s->wbio != s->rbio)
   2763 			{
   2764 			if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
   2765 				goto err;
   2766 			}
   2767 		else
   2768 			ret->wbio=ret->rbio;
   2769 		}
   2770 	ret->rwstate = s->rwstate;
   2771 	ret->in_handshake = s->in_handshake;
   2772 	ret->handshake_func = s->handshake_func;
   2773 	ret->server = s->server;
   2774 	ret->renegotiate = s->renegotiate;
   2775 	ret->new_session = s->new_session;
   2776 	ret->quiet_shutdown = s->quiet_shutdown;
   2777 	ret->shutdown=s->shutdown;
   2778 	ret->state=s->state; /* SSL_dup does not really work at any state, though */
   2779 	ret->rstate=s->rstate;
   2780 	ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
   2781 	ret->hit=s->hit;
   2782 
   2783 	X509_VERIFY_PARAM_inherit(ret->param, s->param);
   2784 
   2785 	/* dup the cipher_list and cipher_list_by_id stacks */
   2786 	if (s->cipher_list != NULL)
   2787 		{
   2788 		if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
   2789 			goto err;
   2790 		}
   2791 	if (s->cipher_list_by_id != NULL)
   2792 		if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
   2793 			== NULL)
   2794 			goto err;
   2795 
   2796 	/* Dup the client_CA list */
   2797 	if (s->client_CA != NULL)
   2798 		{
   2799 		if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
   2800 		ret->client_CA=sk;
   2801 		for (i=0; i<sk_X509_NAME_num(sk); i++)
   2802 			{
   2803 			xn=sk_X509_NAME_value(sk,i);
   2804 			if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
   2805 				{
   2806 				X509_NAME_free(xn);
   2807 				goto err;
   2808 				}
   2809 			}
   2810 		}
   2811 
   2812 	if (0)
   2813 		{
   2814 err:
   2815 		if (ret != NULL) SSL_free(ret);
   2816 		ret=NULL;
   2817 		}
   2818 	return(ret);
   2819 	}
   2820 
   2821 void ssl_clear_cipher_ctx(SSL *s)
   2822 	{
   2823 	if (s->enc_read_ctx != NULL)
   2824 		{
   2825 		EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
   2826 		OPENSSL_free(s->enc_read_ctx);
   2827 		s->enc_read_ctx=NULL;
   2828 		}
   2829 	if (s->enc_write_ctx != NULL)
   2830 		{
   2831 		EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
   2832 		OPENSSL_free(s->enc_write_ctx);
   2833 		s->enc_write_ctx=NULL;
   2834 		}
   2835 #ifndef OPENSSL_NO_COMP
   2836 	if (s->expand != NULL)
   2837 		{
   2838 		COMP_CTX_free(s->expand);
   2839 		s->expand=NULL;
   2840 		}
   2841 	if (s->compress != NULL)
   2842 		{
   2843 		COMP_CTX_free(s->compress);
   2844 		s->compress=NULL;
   2845 		}
   2846 #endif
   2847 	}
   2848 
   2849 /* Fix this function so that it takes an optional type parameter */
   2850 X509 *SSL_get_certificate(const SSL *s)
   2851 	{
   2852 	if (s->server)
   2853 		return(ssl_get_server_send_cert(s));
   2854 	else if (s->cert != NULL)
   2855 		return(s->cert->key->x509);
   2856 	else
   2857 		return(NULL);
   2858 	}
   2859 
   2860 /* Fix this function so that it takes an optional type parameter */
   2861 EVP_PKEY *SSL_get_privatekey(SSL *s)
   2862 	{
   2863 	if (s->cert != NULL)
   2864 		return(s->cert->key->privatekey);
   2865 	else
   2866 		return(NULL);
   2867 	}
   2868 
   2869 const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
   2870 	{
   2871 	if ((s->session != NULL) && (s->session->cipher != NULL))
   2872 		return(s->session->cipher);
   2873 	return(NULL);
   2874 	}
   2875 #ifdef OPENSSL_NO_COMP
   2876 const void *SSL_get_current_compression(SSL *s)
   2877 	{
   2878 	return NULL;
   2879 	}
   2880 const void *SSL_get_current_expansion(SSL *s)
   2881 	{
   2882 	return NULL;
   2883 	}
   2884 #else
   2885 
   2886 const COMP_METHOD *SSL_get_current_compression(SSL *s)
   2887 	{
   2888 	if (s->compress != NULL)
   2889 		return(s->compress->meth);
   2890 	return(NULL);
   2891 	}
   2892 
   2893 const COMP_METHOD *SSL_get_current_expansion(SSL *s)
   2894 	{
   2895 	if (s->expand != NULL)
   2896 		return(s->expand->meth);
   2897 	return(NULL);
   2898 	}
   2899 #endif
   2900 
   2901 int ssl_init_wbio_buffer(SSL *s,int push)
   2902 	{
   2903 	BIO *bbio;
   2904 
   2905 	if (s->bbio == NULL)
   2906 		{
   2907 		bbio=BIO_new(BIO_f_buffer());
   2908 		if (bbio == NULL) return(0);
   2909 		s->bbio=bbio;
   2910 		}
   2911 	else
   2912 		{
   2913 		bbio=s->bbio;
   2914 		if (s->bbio == s->wbio)
   2915 			s->wbio=BIO_pop(s->wbio);
   2916 		}
   2917 	(void)BIO_reset(bbio);
   2918 /*	if (!BIO_set_write_buffer_size(bbio,16*1024)) */
   2919 	if (!BIO_set_read_buffer_size(bbio,1))
   2920 		{
   2921 		SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
   2922 		return(0);
   2923 		}
   2924 	if (push)
   2925 		{
   2926 		if (s->wbio != bbio)
   2927 			s->wbio=BIO_push(bbio,s->wbio);
   2928 		}
   2929 	else
   2930 		{
   2931 		if (s->wbio == bbio)
   2932 			s->wbio=BIO_pop(bbio);
   2933 		}
   2934 	return(1);
   2935 	}
   2936 
   2937 void ssl_free_wbio_buffer(SSL *s)
   2938 	{
   2939 	if (s->bbio == NULL) return;
   2940 
   2941 	if (s->bbio == s->wbio)
   2942 		{
   2943 		/* remove buffering */
   2944 		s->wbio=BIO_pop(s->wbio);
   2945 #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
   2946 		assert(s->wbio != NULL);
   2947 #endif
   2948 	}
   2949 	BIO_free(s->bbio);
   2950 	s->bbio=NULL;
   2951 	}
   2952 
   2953 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
   2954 	{
   2955 	ctx->quiet_shutdown=mode;
   2956 	}
   2957 
   2958 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
   2959 	{
   2960 	return(ctx->quiet_shutdown);
   2961 	}
   2962 
   2963 void SSL_set_quiet_shutdown(SSL *s,int mode)
   2964 	{
   2965 	s->quiet_shutdown=mode;
   2966 	}
   2967 
   2968 int SSL_get_quiet_shutdown(const SSL *s)
   2969 	{
   2970 	return(s->quiet_shutdown);
   2971 	}
   2972 
   2973 void SSL_set_shutdown(SSL *s,int mode)
   2974 	{
   2975 	s->shutdown=mode;
   2976 	}
   2977 
   2978 int SSL_get_shutdown(const SSL *s)
   2979 	{
   2980 	return(s->shutdown);
   2981 	}
   2982 
   2983 int SSL_version(const SSL *s)
   2984 	{
   2985 	return(s->version);
   2986 	}
   2987 
   2988 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
   2989 	{
   2990 	return(ssl->ctx);
   2991 	}
   2992 
   2993 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
   2994 	{
   2995 	if (ssl->ctx == ctx)
   2996 		return ssl->ctx;
   2997 #ifndef OPENSSL_NO_TLSEXT
   2998 	if (ctx == NULL)
   2999 		ctx = ssl->initial_ctx;
   3000 #endif
   3001 	if (ssl->cert != NULL)
   3002 		ssl_cert_free(ssl->cert);
   3003 	ssl->cert = ssl_cert_dup(ctx->cert);
   3004 	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
   3005 	if (ssl->ctx != NULL)
   3006 		SSL_CTX_free(ssl->ctx); /* decrement reference count */
   3007 	ssl->ctx = ctx;
   3008 	return(ssl->ctx);
   3009 	}
   3010 
   3011 #ifndef OPENSSL_NO_STDIO
   3012 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
   3013 	{
   3014 	return(X509_STORE_set_default_paths(ctx->cert_store));
   3015 	}
   3016 
   3017 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
   3018 		const char *CApath)
   3019 	{
   3020 	return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
   3021 	}
   3022 #endif
   3023 
   3024 void SSL_set_info_callback(SSL *ssl,
   3025 	void (*cb)(const SSL *ssl,int type,int val))
   3026 	{
   3027 	ssl->info_callback=cb;
   3028 	}
   3029 
   3030 /* One compiler (Diab DCC) doesn't like argument names in returned
   3031    function pointer.  */
   3032 void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
   3033 	{
   3034 	return ssl->info_callback;
   3035 	}
   3036 
   3037 int SSL_state(const SSL *ssl)
   3038 	{
   3039 	return(ssl->state);
   3040 	}
   3041 
   3042 void SSL_set_state(SSL *ssl, int state)
   3043 	{
   3044 	ssl->state = state;
   3045 	}
   3046 
   3047 void SSL_set_verify_result(SSL *ssl,long arg)
   3048 	{
   3049 	ssl->verify_result=arg;
   3050 	}
   3051 
   3052 long SSL_get_verify_result(const SSL *ssl)
   3053 	{
   3054 	return(ssl->verify_result);
   3055 	}
   3056 
   3057 int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
   3058 			 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
   3059 	{
   3060 	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
   3061 				new_func, dup_func, free_func);
   3062 	}
   3063 
   3064 int SSL_set_ex_data(SSL *s,int idx,void *arg)
   3065 	{
   3066 	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
   3067 	}
   3068 
   3069 void *SSL_get_ex_data(const SSL *s,int idx)
   3070 	{
   3071 	return(CRYPTO_get_ex_data(&s->ex_data,idx));
   3072 	}
   3073 
   3074 int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
   3075 			     CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
   3076 	{
   3077 	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
   3078 				new_func, dup_func, free_func);
   3079 	}
   3080 
   3081 int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
   3082 	{
   3083 	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
   3084 	}
   3085 
   3086 void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)
   3087 	{
   3088 	return(CRYPTO_get_ex_data(&s->ex_data,idx));
   3089 	}
   3090 
   3091 int ssl_ok(SSL *s)
   3092 	{
   3093 	return(1);
   3094 	}
   3095 
   3096 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
   3097 	{
   3098 	return(ctx->cert_store);
   3099 	}
   3100 
   3101 void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
   3102 	{
   3103 	if (ctx->cert_store != NULL)
   3104 		X509_STORE_free(ctx->cert_store);
   3105 	ctx->cert_store=store;
   3106 	}
   3107 
   3108 int SSL_want(const SSL *s)
   3109 	{
   3110 	return(s->rwstate);
   3111 	}
   3112 
   3113 /*!
   3114  * \brief Set the callback for generating temporary RSA keys.
   3115  * \param ctx the SSL context.
   3116  * \param cb the callback
   3117  */
   3118 
   3119 #ifndef OPENSSL_NO_RSA
   3120 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
   3121 							  int is_export,
   3122 							  int keylength))
   3123     {
   3124     SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
   3125     }
   3126 
   3127 void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
   3128 						  int is_export,
   3129 						  int keylength))
   3130     {
   3131     SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
   3132     }
   3133 #endif
   3134 
   3135 #ifdef DOXYGEN
   3136 /*!
   3137  * \brief The RSA temporary key callback function.
   3138  * \param ssl the SSL session.
   3139  * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
   3140  * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
   3141  * of the required key in bits.
   3142  * \return the temporary RSA key.
   3143  * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
   3144  */
   3145 
   3146 RSA *cb(SSL *ssl,int is_export,int keylength)
   3147     {}
   3148 #endif
   3149 
   3150 /*!
   3151  * \brief Set the callback for generating temporary DH keys.
   3152  * \param ctx the SSL context.
   3153  * \param dh the callback
   3154  */
   3155 
   3156 #ifndef OPENSSL_NO_DH
   3157 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
   3158                                                         int keylength))
   3159 	{
   3160 	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
   3161 	}
   3162 
   3163 void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
   3164                                                 int keylength))
   3165 	{
   3166 	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
   3167 	}
   3168 #endif
   3169 
   3170 #ifndef OPENSSL_NO_ECDH
   3171 void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
   3172                                                                 int keylength))
   3173 	{
   3174 	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
   3175 	}
   3176 
   3177 void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
   3178                                                         int keylength))
   3179 	{
   3180 	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
   3181 	}
   3182 #endif
   3183 
   3184 #ifndef OPENSSL_NO_PSK
   3185 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
   3186 	{
   3187 	if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
   3188 		{
   3189 		SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
   3190 		return 0;
   3191 		}
   3192 	if (ctx->psk_identity_hint != NULL)
   3193 		OPENSSL_free(ctx->psk_identity_hint);
   3194 	if (identity_hint != NULL)
   3195 		{
   3196 		ctx->psk_identity_hint = BUF_strdup(identity_hint);
   3197 		if (ctx->psk_identity_hint == NULL)
   3198 			return 0;
   3199 		}
   3200 	else
   3201 		ctx->psk_identity_hint = NULL;
   3202 	return 1;
   3203 	}
   3204 
   3205 int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
   3206 	{
   3207 	if (s == NULL)
   3208 		return 0;
   3209 
   3210 	if (s->session == NULL)
   3211 		return 1; /* session not created yet, ignored */
   3212 
   3213 	if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
   3214 		{
   3215 		SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
   3216 		return 0;
   3217 		}
   3218 	if (s->session->psk_identity_hint != NULL)
   3219 		OPENSSL_free(s->session->psk_identity_hint);
   3220 	if (identity_hint != NULL)
   3221 		{
   3222 		s->session->psk_identity_hint = BUF_strdup(identity_hint);
   3223 		if (s->session->psk_identity_hint == NULL)
   3224 			return 0;
   3225 		}
   3226 	else
   3227 		s->session->psk_identity_hint = NULL;
   3228 	return 1;
   3229 	}
   3230 
   3231 const char *SSL_get_psk_identity_hint(const SSL *s)
   3232 	{
   3233 	if (s == NULL || s->session == NULL)
   3234 		return NULL;
   3235 	return(s->session->psk_identity_hint);
   3236 	}
   3237 
   3238 const char *SSL_get_psk_identity(const SSL *s)
   3239 	{
   3240 	if (s == NULL || s->session == NULL)
   3241 		return NULL;
   3242 	return(s->session->psk_identity);
   3243 	}
   3244 
   3245 void SSL_set_psk_client_callback(SSL *s,
   3246     unsigned int (*cb)(SSL *ssl, const char *hint,
   3247                        char *identity, unsigned int max_identity_len, unsigned char *psk,
   3248                        unsigned int max_psk_len))
   3249 	{
   3250 	s->psk_client_callback = cb;
   3251 	}
   3252 
   3253 void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
   3254     unsigned int (*cb)(SSL *ssl, const char *hint,
   3255                        char *identity, unsigned int max_identity_len, unsigned char *psk,
   3256                        unsigned int max_psk_len))
   3257 	{
   3258 	ctx->psk_client_callback = cb;
   3259 	}
   3260 
   3261 void SSL_set_psk_server_callback(SSL *s,
   3262     unsigned int (*cb)(SSL *ssl, const char *identity,
   3263                        unsigned char *psk, unsigned int max_psk_len))
   3264 	{
   3265 	s->psk_server_callback = cb;
   3266 	}
   3267 
   3268 void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
   3269     unsigned int (*cb)(SSL *ssl, const char *identity,
   3270                        unsigned char *psk, unsigned int max_psk_len))
   3271 	{
   3272 	ctx->psk_server_callback = cb;
   3273 	}
   3274 #endif
   3275 
   3276 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
   3277 	{
   3278 	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
   3279 	}
   3280 void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
   3281 	{
   3282 	SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
   3283 	}
   3284 
   3285 int SSL_cutthrough_complete(const SSL *s)
   3286 	{
   3287 	return (!s->server &&                 /* cutthrough only applies to clients */
   3288 		!s->hit &&                        /* full-handshake */
   3289 		s->version >= SSL3_VERSION &&
   3290 		s->s3->in_read_app_data == 0 &&   /* cutthrough only applies to write() */
   3291 		(SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) &&  /* cutthrough enabled */
   3292 		SSL_get_cipher_bits(s, NULL) >= 128 &&                      /* strong cipher choosen */
   3293 		s->s3->previous_server_finished_len == 0 &&                 /* not a renegotiation handshake */
   3294 		(s->state == SSL3_ST_CR_SESSION_TICKET_A ||                 /* ready to write app-data*/
   3295 			s->state == SSL3_ST_CR_FINISHED_A));
   3296 	}
   3297 
   3298 /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
   3299  * vairable, freeing  EVP_MD_CTX previously stored in that variable, if
   3300  * any. If EVP_MD pointer is passed, initializes ctx with this md
   3301  * Returns newly allocated ctx;
   3302  */
   3303 
   3304 EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md)
   3305 {
   3306 	ssl_clear_hash_ctx(hash);
   3307 	*hash = EVP_MD_CTX_create();
   3308 	if (md) EVP_DigestInit_ex(*hash,md,NULL);
   3309 	return *hash;
   3310 }
   3311 void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
   3312 {
   3313 
   3314 	if (*hash) EVP_MD_CTX_destroy(*hash);
   3315 	*hash=NULL;
   3316 }
   3317 
   3318 void SSL_set_debug(SSL *s, int debug)
   3319 	{
   3320 	s->debug = debug;
   3321 	}
   3322 
   3323 int SSL_cache_hit(SSL *s)
   3324 	{
   3325 	return s->hit;
   3326 	}
   3327 
   3328 #if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
   3329 #include "../crypto/bio/bss_file.c"
   3330 #endif
   3331 
   3332 IMPLEMENT_STACK_OF(SSL_CIPHER)
   3333 IMPLEMENT_STACK_OF(SSL_COMP)
   3334 IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
   3335 				    ssl_cipher_id);
   3336